
[OPERATING SYSTEM CONCEPTS AND NETWORKING

MANAGEMENT] BCSL-063

Question 1 View the TCP/IP settings.


Answer TCP/IP on Windows 7
1. Step 1: Go to Start > Control Panel > Network and Internet > Network and Sharing Center,
then in the left-hand column, click Manage network connections.
2. Step 2: Right-click Local Area Connections and select Properties.
Note: The name of this connection may vary if you have changed it or if you have previously
connected to other wired Ethernet networks.
3. Step 3: Windows 7 might present you with a User Account Control window asking you for
permission to continue. Click Continue to move on. A Local Area Connection Properties
window will open.
4. Step 4: In the Connection Properties window, under This connection uses the following items:,
select Internet Protocol Version 4 (TCP/IPv4), then click Properties and make sure that
Obtain an IP address automatically and Obtain DNS server address automatically are
selected.
5. Step 5: If TCP/IP does not appear on the list under This connection uses the following items:, you
must install it.
o Click Install.
o In the Select Network Feature Type window, select Protocol and click Add...
o In the Select Network Protocol window, choose TCP/IP and click OK, then follow any
on-screen directions.

Question 5 configure interfaces

Answer Configure Interfaces

The Interfaces Tab in IPNetSentryX allows you to select which IP interfaces should have IP Filters
applied and whether they are used as "Internal" or "External" interfaces. The latter setting helps
IPNetSentryX make better choices for testing. When you select an IP interface for filtering and turn
"IPNetSentryX On", a Network Kernel Extension (NKE) is inserted in the corresponding link stream to
perform the actual IP filtering.

Ethernet Bridging

Ethernet Bridging is a technique for passing traffic between two Ethernet-like devices such as Ethernet
and AirPort. Although you can buy a hardware bridge inexpensively, the advantage of Ethernet bridging
in software is that you can still use the firewall to filter or log packets and you can extend any wired
Ethernet segment to AirPort wireless without regard to IP addresses or routing.
Example 1: suppose you have an AirPort base station connected to a cable modem which provides
Internet access to other computers in your home. By enabling Ethernet bridging on one of those
computers, any devices attached to the Ethernet port on that computer (such as a printer or pre-AirPort
Macintosh) becomes part of your Local Area Network. No additional routing or network address
translation is required.
Example 2: suppose you already have a router that connects your LAN to the Internet and want to insert a
firewall between that router and the Internet. With Ethernet bridging, you can simply plug a Mac with two
Ethernet ports into any cable segment to insert a firewall.
Name: Rahul Kumar Singh Page 1
Enroll : 167180363

To enable Ethernet bridging, select the Ethernet compatible network ports you want to bridge under the
"Bridge" column in the Interfaces table. Although bridging does not require an IP address to be assigned,
Mac OS X may not retain a network port as active unless it is configured with an IP address in the
Network Preferences Panel.

Automatic Failover

IPNetSentryX allows you to specify a second gateway or router address to use as a backup in case the
first default gateway (router address in the Network Preferences Panel) becomes unavailable. You can
enter a 2nd gateway in the Gateways column separated by a comma. If you have a cable modem and DSL
line from different ISPs for example, you can make one the default route and designate the other as an
alternate gateway.
If a connection attempt or DNS lookup is retransmitted twice and doesn't get a response through the first
gateway, it will automatically fail over to try the alternate gateway (by installing a host route on the fly).

If more than half of the connection table has failed over, IPNetSentryX will install the alternate gateway
as a new default route.

The effect is that connections fail over transparently on the fly before the original connection attempt
even times out. If the gateway is completely dead, the default route is updated to point to the gateway that
is working. The second ISP connection provides transparent redundancy for improved reliability.
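The failover policy described above (two unanswered retransmissions move one connection to the alternate gateway via a host route; once more than half of the connection table has failed over, the alternate becomes the default route) is easy to misjudge without seeing the state transitions. The following is an added Python model of that policy written for this page; it is not IPNetSentryX code, and the class and method names, as well as the constructed gateway addresses used in the usage note, are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Added model of the failover behaviour described above. Names and structure
# are assumptions for illustration, not IPNetSentryX code; the thresholds
# (two unanswered retransmissions, "more than half" of the table) come from
# the text.
RETRANSMIT_THRESHOLD = 2


@dataclass
class Connection:
    dest: str
    retransmits: int = 0
    failed_over: bool = False


@dataclass
class GatewayState:
    default_gateway: str
    alternate_gateway: str
    host_routes: dict = field(default_factory=dict)   # dest -> gateway
    connections: dict = field(default_factory=dict)   # dest -> Connection

    def gateway_for(self, dest):
        """A host route, if one was installed, wins over the default route."""
        return self.host_routes.get(dest, self.default_gateway)

    def open_connection(self, dest):
        self.connections[dest] = Connection(dest)

    def retransmit(self, dest):
        """Record one retransmission that got no reply through the current
        gateway. Returns the gateway the next attempt will use."""
        conn = self.connections[dest]
        conn.retransmits += 1
        if conn.retransmits >= RETRANSMIT_THRESHOLD and not conn.failed_over:
            conn.failed_over = True
            # Fail this one connection over by installing a host route on the fly.
            self.host_routes[dest] = self.alternate_gateway
            self._maybe_replace_default_route()
        return self.gateway_for(dest)

    def _maybe_replace_default_route(self):
        failed = sum(1 for c in self.connections.values() if c.failed_over)
        if failed * 2 > len(self.connections):
            # More than half of the table has failed over: the alternate becomes
            # the default route, and the per-host routes are now redundant.
            self.default_gateway = self.alternate_gateway
            self.host_routes.clear()

    def failed_over_fraction(self):
        """Share of the connection table that has failed over (0.0 to 1.0)."""
        if not self.connections:
            return 0.0
        failed = sum(1 for c in self.connections.values() if c.failed_over)
        return failed / len(self.connections)


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges, not real gateways.
    gw = GatewayState("192.0.2.1", "198.51.100.1")
    for dest in ("a", "b", "c"):
        gw.open_connection(dest)
    for dest in ("a", "b"):
        gw.retransmit(dest)
        print(dest, "->", gw.retransmit(dest), "default:", gw.default_gateway)
```

Walking three connections through the model shows the two stages: the first connection to hit two retransmissions gets a host route while the default route is untouched, and the second one tips the table past half, at which point the default route itself is replaced.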

Question 6 Configure routing protocols.

Answer Configuring Routing Protocol

This chapter describes how to configure Routing Information Protocol (RIP). For a complete description
of the RIP commands that appear in this chapter, refer to the "RIP Commands" chapter of the Cisco IOS
IP Command Reference, Volume 2 of 3: Routing Protocols. To locate documentation of other commands
that appear in this chapter, use the command reference master index, or search online.


RIP is a relatively old but still commonly used interior gateway protocol created for use in small,
homogeneous networks. It is a classical distance-vector routing protocol. RIP is documented in
RFC 1058.
RIP uses broadcast User Datagram Protocol (UDP) data packets to exchange routing information.
Cisco IOS software sends routing information updates every 30 seconds, which is termed advertising. If a
router does not receive an update from another router for 180 seconds or more, it marks the routes served
by the nonupdating router as being unusable. If there is still no update after 240 seconds, the router
removes all routing table entries for the nonupdating router.
The metric that RIP uses to rate the value of different routes is hop count. The hop count is the number of
routers that can be traversed in a route. A directly connected network has a metric of zero; an unreachable
network has a metric of 16. This small range of metrics makes RIP an unsuitable routing protocol for
large networks.
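The timers and the hop-count metric described above determine when a neighbour's routes go stale and when a network counts as unreachable. The following added Python model, written for this page and not part of Cisco IOS or any other project, puts those numbers into a small routing table: advertisements arrive with a neighbour's hop count, the receiver adds one hop, 16 means unreachable, and routes are marked unusable after 180 seconds without an update and dropped after 240. Class and method names are assumptions for illustration.

```python
UPDATE_INTERVAL = 30   # seconds between advertisements (not used by the timers below)
INVALID_AFTER = 180    # seconds with no update: route marked unusable
FLUSH_AFTER = 240      # seconds with no update: route removed
INFINITY = 16          # hop count meaning "unreachable"


class RipTable:
    """Hop-count routing table with the aging behaviour described above
    (added illustration; not Cisco IOS code)."""

    def __init__(self):
        self.routes = {}   # prefix -> dict(next_hop, metric, last_update, connected)

    def add_connected(self, prefix):
        # A directly connected network has metric 0 and never ages out.
        self.routes[prefix] = {"next_hop": None, "metric": 0,
                               "last_update": None, "connected": True}

    def update(self, prefix, neighbor, advertised_metric, now):
        """Process one advertisement received from a neighbor at time `now`.
        The cost through that neighbor is its hop count plus one, capped at 16."""
        metric = min(advertised_metric + 1, INFINITY)
        cur = self.routes.get(prefix)
        if cur is not None and cur["connected"]:
            return                      # never replace a connected route
        if cur is None or metric < cur["metric"] or cur["next_hop"] == neighbor:
            # New route, better route, or a refresh from the current next hop
            # (accepted even if worse, so that neighbor can withdraw the route).
            self.routes[prefix] = {"next_hop": neighbor, "metric": metric,
                                   "last_update": now, "connected": False}

    def age(self, now):
        """Apply the 180 s invalid timer and the 240 s flush timer."""
        for prefix, r in list(self.routes.items()):
            if r["connected"]:
                continue
            idle = now - r["last_update"]
            if idle >= FLUSH_AFTER:
                del self.routes[prefix]
            elif idle >= INVALID_AFTER:
                r["metric"] = INFINITY   # kept in the table, but unusable

    def reachable(self, prefix):
        r = self.routes.get(prefix)
        return r is not None and r["metric"] < INFINITY

    def metric(self, prefix):
        return self.routes[prefix]["metric"]

    def next_hop(self, prefix):
        return self.routes[prefix]["next_hop"]

    def advertisement(self):
        """What this router would send every UPDATE_INTERVAL seconds: every
        prefix with its metric, unusable ones advertised as 16."""
        return {p: r["metric"] for p, r in self.routes.items()}


if __name__ == "__main__":
    # Constructed scenario: one connected network, one route learned from "R2".
    table = RipTable()
    table.add_connected("10.0.0.0/24")
    table.update("192.168.1.0/24", "R2", 0, now=0)
    for t in (0, 180, 240):
        table.age(t)
        print(t, table.advertisement())
```

Running the scenario shows the route from R2 advertised with metric 1, then with metric 16 once 180 seconds pass without a refresh, and finally absent from the table at 240 seconds.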
A router that is running RIP can receive a default network via an update from another router that is
running RIP, or the router can source (generate) the default network itself with RIP. In both cases, the
default network is advertised through RIP to other RIP neighbors.
Cisco IOS software will source the default network with RIP if one of the following conditions is met:
• The ip default-network command is configured.
• The default-information originate command is configured.
• The default route is learned via another routing protocol or static route and then redistributed into
RIP.
RIP sends updates to the interfaces in the specified networks. If an interface's network is not
specified, it will not be advertised in any RIP update.
The Cisco implementation of RIP Version 2 supports plain text and Message Digest 5 (MD5)
authentication, route summarization, classless interdomain routing (CIDR), and variable-length subnet
masks (VLSMs).
For protocol-independent features, which also apply to RIP, see the chapter "Configuring IP Routing
Protocol-Independent Features" in this book.
To identify the hardware platform or software image information associated with a feature, use the
Feature Navigator on Cisco.com to search for information about the feature or refer to the software
release notes for a specific release. For more information, see the "Identifying Supported Platforms"
section in the "Using Cisco IOS Software" chapter in this book.

Question 7 Configure filters

Answer Creating a Filter

To create a new filter:


1. In the Create New Filter box, enter or select the parameters shown in the Create New Filter
Parameters table below.
2. When you have the parameters defined to your satisfaction, scroll to the bottom of the screen and
click on Create Filter.
Create New Filter Parameters
Filter Name: Specify a unique name for this filter. It may be up to 32 printable characters. It may
not include spaces, commas, slashes, or hyphens. For example: standard_guest_filter
Default Action: Specify the action to take when none of the conditions specified in the rule or
rules for this filter are matched:


Discard – Specifies that a packet is to be discarded
Forward – Specifies that a packet is to be forwarded
Rule n: Use as many drop-down lists as necessary to select rules that apply to this filter. A filter
may have up to 16 rules. Use the Configuration/Filters/Rule screen to create or modify filter rules.
Creating a Filter Rule
To create a new filter rule:
1. In the Create New Rule box, enter or select the parameters shown in the Create New Rule
Parameters table below.
2. Click on Create.
Rules Box Fields
Rule Name: Shows the names of existing rules.
Action: Shows the action specified for a rule.
Type: Shows the type specified for a rule.
Rule: Shows the Ethertype for a rule.

Create New Rule Parameters
Rule Name: Specify a unique name for this rule. It may be up to 32 printable characters. It may not
include spaces, commas, slashes, or hyphens. For example: DecNet
Action: Specify the action to take when the condition is matched:
Discard – Specifies that a packet is to be discarded
Forward – Specifies that a packet is to be forwarded
Type: Specify the rule type:
Ether – The rule is applied to Layer 2 Ethernet traffic.
Ether-snap – The rule is applied to Layer 2 SubNetwork Access Protocol (SNAP) traffic.
Ethertype Code (hex): Specify the 8-digit hexadecimal Ethertype code as listed in RFC 1700. You may
also specify a range (two Ethertypes separated by a hyphen).
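The filter and rule parameters above (name limits, discard/forward actions, Ether vs Ether-snap rule types, a hex Ethertype or a range, and the default action taken when no rule matches) describe a small evaluation model. The following added Python code, written for this page and not taken from the product being described, implements that model so the behaviour of a default-deny filter can be checked against sample frames. Class and function names are assumptions; the rule-ordering assumption (first matching rule wins) is also not stated on the page. The Ethertype values 0800 (IPv4) and 0806 (ARP) in the sample filter are the standard codes.

```python
# Added model of the filter / rule parameters described above. Class and
# function names are assumptions for illustration, not the product's code;
# the limits (32-character names, no spaces/commas/slashes/hyphens, up to
# 16 rules per filter, hex Ethertype or "lo-hi" range) come from the text.
# First matching rule wins, and the filter's default action applies when no
# rule matches (assumption about rule ordering).
MAX_RULES = 16
ACTIONS = ("discard", "forward")
RULE_TYPES = ("ether", "ether-snap")   # Layer 2 Ethernet vs SNAP traffic


def valid_name(name):
    """Up to 32 printable characters, no spaces, commas, slashes or hyphens."""
    return (0 < len(name) <= 32
            and all(c.isprintable() and c not in " ,/-" for c in name))


def parse_ethertype(spec):
    """'0800' -> (0x800, 0x800); '0800-0806' -> (0x800, 0x806)."""
    lo, _, hi = spec.partition("-")
    low = int(lo, 16)
    high = int(hi, 16) if hi else low
    if high < low:
        raise ValueError(f"descending Ethertype range: {spec}")
    return low, high


class Rule:
    def __init__(self, name, action, rule_type, ethertype):
        if not valid_name(name):
            raise ValueError(f"invalid rule name: {name!r}")
        if action not in ACTIONS or rule_type not in RULE_TYPES:
            raise ValueError("action must be discard/forward, type ether/ether-snap")
        self.name, self.action, self.rule_type = name, action, rule_type
        self.low, self.high = parse_ethertype(ethertype)

    def matches(self, frame_type, ethertype):
        return frame_type == self.rule_type and self.low <= ethertype <= self.high


class Filter:
    def __init__(self, name, default_action, rules=()):
        if not valid_name(name):
            raise ValueError(f"invalid filter name: {name!r}")
        if default_action not in ACTIONS:
            raise ValueError("default action must be discard or forward")
        if len(rules) > MAX_RULES:
            raise ValueError(f"a filter may have at most {MAX_RULES} rules")
        self.name, self.default_action, self.rules = name, default_action, list(rules)

    def apply(self, frame_type, ethertype):
        """Return 'discard' or 'forward' for one frame of the given type."""
        for rule in self.rules:
            if rule.matches(frame_type, ethertype):
                return rule.action
        return self.default_action


def build_guest_filter():
    """Constructed example: forward only IPv4 and ARP on plain Ethernet and
    drop everything else (a default-deny filter)."""
    return Filter("standard_guest_filter", "discard", [
        Rule("allow_ipv4", "forward", "ether", "0800"),
        Rule("allow_arp", "forward", "ether", "0806"),
    ])


if __name__ == "__main__":
    guest = build_guest_filter()
    for frame_type, ethertype in (("ether", 0x0800), ("ether", 0x8100), ("ether-snap", 0x0800)):
        print(frame_type, hex(ethertype), "->", guest.apply(frame_type, ethertype))
```

Note that a rule of type Ether does not match the same Ethertype carried in a SNAP frame; with a default action of Discard that frame is dropped, which is the safe outcome, but it is worth remembering when a filter seems to block traffic it was meant to pass.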

Question 8 Configure routes

Answer Routes Configuration


Configuring Command-Line Access

To configure parameters to control access to the router, follow these steps, beginning in global
configuration mode.

SUMMARY STEPS

1. line [aux | console | tty | vty] line-number

2. password password
3. login
4. exec-timeout minutes [seconds]

5. line [aux | console | tty | vty] line-number


6. password password
7. login
8. end

DETAILED STEPS
Step 1 Command: line [aux | console | tty | vty] line-number
Purpose: Enters line configuration mode, and specifies the type of line. This example specifies a
console terminal for access.
Example:
Router(config)# line console 0
Router(config-line)#
Step 2 Command: password password
Purpose: Specifies a unique password for the console terminal line.
Example:
Router(config-line)# password 5dr4Hepw3
Router(config-line)#
Step 3 Command: login
Purpose: Enables password checking at terminal session login.
Example:
Router(config-line)# login
Router(config-line)#
Step 4 Command: exec-timeout minutes [seconds]
Purpose: Sets the interval that the EXEC command interpreter waits until user input is detected. The
default is 10 minutes. Optionally, add seconds to the interval value. This example shows a timeout of
5 minutes and 30 seconds. Entering a timeout of 0 0 specifies never to time out.
Example:
Router(config-line)# exec-timeout 5 30
Router(config-line)#
Step 5 Command: line [aux | console | tty | vty] line-number
Purpose: Specifies a virtual terminal for remote console access.
Example:
Router(config-line)# line vty 0 4
Router(config-line)#
Step 6 Command: password password
Purpose: Specifies a unique password for the virtual terminal line.
Example:
Router(config-line)# password aldf2ad1
Router(config-line)#
Step 7 Command: login
Purpose: Enables password checking at the virtual terminal session login.
Example:
Router(config-line)# login
Router(config-line)#
Step 8 Command: end
Purpose: Exits line configuration mode, and returns to privileged EXEC mode.
Example:
Router(config-line)# end
Router#

Example

The following configuration shows the command-line access commands.


You do not need to input the commands marked "default." These commands appear automatically in the
configuration file generated when you use the show running-config command.
!
line con 0
exec-timeout 10 0
password 4youreyesonly
login
transport input none (default)
stopbits 1 (default)
line vty 0 4
password secret
login
!
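The steps above show which line settings matter for access control: login turns on password checking, password supplies the credential it checks, and exec-timeout 0 0 means a session never times out. A reviewer of a running-config would want to check those settings on every line block rather than read them by eye. The following added Python script, written for this page and not Cisco tooling, parses the line blocks from a configuration text like the example above and reports the settings worth flagging. Function names are assumptions; SAMPLE_CONFIG is a copy of the example above and WEAK_CONFIG is a constructed weak variant.

```python
import re

# Added audit of the command-line access configuration shown above. Function
# names are assumptions for illustration, not Cisco tooling. The checks follow
# the step descriptions: 'login' turns on password checking, 'password' sets
# the credential it checks, and 'exec-timeout 0 0' means never time out.
SAMPLE_CONFIG = """\
!
line con 0
 exec-timeout 10 0
 password 4youreyesonly
 login
 transport input none
 stopbits 1
line vty 0 4
 password secret
 login
!
"""

# Constructed weak variant: the vty lines never time out and have no password.
WEAK_CONFIG = """\
line con 0
 password 4youreyesonly
 login
line vty 0 4
 exec-timeout 0 0
 login
"""


def parse_line_blocks(config_text):
    """Group the commands under each 'line ...' statement, e.g.
    {'con 0': ['exec-timeout 10 0', ...], 'vty 0 4': [...]}."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            current = None          # '!' separates configuration sections
            continue
        if cmd.startswith("line "):
            current = cmd[len("line "):]
            blocks[current] = []
        elif current is not None:
            blocks[current].append(cmd)
    return blocks


def audit_line_blocks(blocks):
    """Return (line, finding) pairs for settings a reviewer would flag."""
    findings = []
    for line, cmds in blocks.items():
        login_cmds = [c for c in cmds if c == "login" or c.startswith("login ")]
        has_password = any(c.startswith("password ") for c in cmds)
        if not login_cmds:
            findings.append((line, "no 'login': password checking is disabled"))
        elif "login" in login_cmds and not has_password:
            # plain 'login' checks the line password; without one there is nothing to check
            findings.append((line, "'login' without 'password': no credential to check"))
        for c in cmds:
            m = re.match(r"exec-timeout (\d+)(?: (\d+))?$", c)
            if m and int(m.group(1)) == 0 and int(m.group(2) or 0) == 0:
                findings.append((line, "exec-timeout 0 0: idle sessions never time out"))
    return findings


def audit_config(config_text):
    return audit_line_blocks(parse_line_blocks(config_text))


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_CONFIG), ("weak", WEAK_CONFIG)):
        print(label, audit_config(text) or "no findings")
```

The page's own example passes cleanly (both lines have login and a password, and the console timeout is the 10-minute default), while the constructed variant is flagged twice on the vty lines.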

Configuring Static Routes

Static routes provide fixed routing paths through the network. They are manually configured on the
router. If the network topology changes, the static route must be updated with a new route. Static routes
are private routes unless they are redistributed by a routing protocol.


To configure static routes, follow these steps, beginning in global configuration mode.

SUMMARY STEPS

1. ip route prefix mask {ip-address | interface-type interface-number [ip-address]}


2. end

DETAILED STEPS
Step 1 Command: ip route prefix mask {ip-address | interface-type interface-number [ip-address]}
Purpose: Specifies the static route for the IP packets. For details about this command and about
additional parameters that can be set, see Cisco IOS IP Command Reference, Volume 2 of 4: Routing
Protocols, Release 12.3.
Example:
Router(config)# ip route 192.168.1.0 255.255.0.0 10.10.10.2
Router(config)#
Step 2 Command: end
Purpose: Exits router configuration mode, and enters privileged EXEC mode.
Example:
Router(config)# end
Router#

Example

In the following configuration example, the static route sends out all IP packets with a destination IP
address of 192.168.1.0 and a subnet mask of 255.255.255.0 on the Gigabit Ethernet interface to another
device with an IP address of 10.10.10.2. Specifically, the packets are sent to the configured PVC.
You do not need to enter the command marked "(default)." This command appears automatically in the
configuration file generated when you use the show running-config command.
!
ip classless (default)
ip route 192.168.1.0 255.255.255.0 10.10.10.2
!

Verifying Configuration

To verify that you have properly configured static routing, enter the show ip route command and look for
static routes signified by the "S."
You should see verification output similar to the following:
Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
C 10.108.1.0 is directly connected, Loopback0
S* 0.0.0.0/0 is directly connected, FastEthernet0
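Reading show ip route by eye works for a handful of routes, but verifying that a specific static route landed with the intended next hop is better done programmatically. The following added Python parser, written for this page and not Cisco tooling, extracts the route lines from output in the format shown above and checks for static entries (code S, with S* marking a static candidate default). Function names are assumptions; SAMPLE_OUTPUT is constructed from the verification output above plus one line in the same format for the 192.168.1.0/24 route configured earlier, so the check can be shown succeeding.

```python
import re

# Added parser for 'show ip route' output of the form shown above. Function
# names are assumptions for illustration, not Cisco tooling. The sample is
# constructed from the page's verification output plus one static route line
# in the same format for the 192.168.1.0/24 route configured earlier.
SAMPLE_OUTPUT = """\
Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 1 subnets
C       10.108.1.0 is directly connected, Loopback0
S*   0.0.0.0/0 is directly connected, FastEthernet0
S    192.168.1.0/24 [1/0] via 10.10.10.2
"""

# A route line starts in column 0 with a one- or two-letter code, an optional
# '*' (candidate default), then a dotted prefix with an optional /length.
ROUTE_LINE = re.compile(
    r"^(?P<code>[A-Za-z]{1,2})(?P<cand>\*?)\s+"
    r"(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?)\s+(?P<rest>.*)$")
VIA = re.compile(r"\[(?P<ad>\d+)/(?P<metric>\d+)\] via (?P<next_hop>\S+)")
CONNECTED = re.compile(r"directly connected, (?P<iface>\S+)")


def parse_show_ip_route(output):
    """Return one dict per route line; legend, header and 'is subnetted'
    summary lines are skipped because they do not start with a code."""
    routes = []
    for line in output.splitlines():
        m = ROUTE_LINE.match(line)
        if not m:
            continue
        route = {"code": m["code"], "candidate_default": m["cand"] == "*",
                 "prefix": m["prefix"], "next_hop": None, "interface": None,
                 "distance": None, "metric": None}
        via = VIA.search(m["rest"])
        if via:
            route.update(next_hop=via["next_hop"], distance=int(via["ad"]),
                         metric=int(via["metric"]))
        conn = CONNECTED.search(m["rest"])
        if conn:
            route["interface"] = conn["iface"]
        routes.append(route)
    return routes


def static_routes(routes):
    """Routes marked 'S' (static); 'S*' is a static candidate default."""
    return [r for r in routes if r["code"] == "S"]


def has_static_route(output, prefix, next_hop=None, interface=None):
    """True if the output shows a static route for prefix, optionally also
    checking that it points at the expected next hop or interface."""
    for r in static_routes(parse_show_ip_route(output)):
        if r["prefix"] != prefix:
            continue
        if next_hop is not None and r["next_hop"] != next_hop:
            continue
        if interface is not None and r["interface"] != interface:
            continue
        return True
    return False


if __name__ == "__main__":
    for r in static_routes(parse_show_ip_route(SAMPLE_OUTPUT)):
        print(r["prefix"], "via", r["next_hop"] or r["interface"],
              "(candidate default)" if r["candidate_default"] else "")
    print(has_static_route(SAMPLE_OUTPUT, "192.168.1.0/24", next_hop="10.10.10.2"))
```

The [1/0] bracket on a static route is the administrative distance and metric; the parser keeps both so a check can also confirm that a static route has not been overridden by one with a lower distance.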

Question 9 Configure remote access


Answer Configure Remote Desktop Access on Windows 7 Systems

Remote Desktop is not enabled by default. You must specifically enable it to allow remote access to the
workstation. When it is enabled, any member of the Administrators group can connect to the workstation.
Other users must be placed on a remote access list to gain access to the workstation.
To configure remote access, follow these steps:
1. In Control Panel, click System And Security, and then click System.
2. On the System page, click Remote Settings in the left pane. This opens the System Properties dialog
box to the Remote tab.
3. To disable Remote Desktop, select Don't Allow Connections To This Computer, and then click
OK. Skip the remaining steps.
4. To enable Remote Desktop, you have two options. You can:
• Select Allow Connections From Computers Running Any Version Of Remote Desktop to allow
connections from any version of Windows.
• Select Allow Connections Only From Computers Running Remote Desktop With Network Level
Authentication to allow connections only from Windows 7 or later computers (and computers
with secure network authentication).
5. Click Select Users. This displays the Remote Desktop Users dialog box.
6. To grant Remote Desktop access to a user, click Add. This opens the Select Users dialog box. In the
Select Users dialog box, click Locations to select the computer or domain in which the users you want to
work with are located. Type the name of a user you want to work with in the Enter The Object Names To
Select field, and then click Check Names. If matches are found, select the account you want to use and
then click OK. If no matches are found, update the name you entered and try searching again. Repeat this
step as necessary, and then click OK.
7. To revoke remote access permissions for a user account, select the account and then click Remove.
8. Click OK twice when you have finished.

Windows Firewall must be configured to allow inbound Remote Desktop exceptions. You can configure
this on a per-computer basis in Windows Firewall for the domain profile and the standard profile. In
Group Policy, you can configure this exception and manage Remote Desktop by using the policy settings
shown in the following list. These settings are found in the Administrative Templates policies for
Computer Configuration under the path shown.

For Paths Under Windows Components\Remote Desktop Services:


\Remote Desktop Connection Client Allow .Rdp Files From Unknown Publishers
\Remote Desktop Connection Client Allow .Rdp Files From Valid Publishers And User’s Default .Rdp
Settings
\Remote Desktop Session Host\Security Always Prompt For Password Upon Connection
\Remote Desktop Session Host\Connections Automatic Reconnection
\Remote Desktop Connection Client Configure Server Authentication For Client
\Remote Desktop Session Host\Connections Deny Logoff Of An Administrator Logged In To The
Console Session
\Remote Desktop Session Host\Security Do Not Allow Local Administrators To Customize Permissions
\Remote Desktop Connection Client Do Not Allow Passwords To Be Saved
\Remote Desktop Session Host\Remote Session Environment Limit Maximum Color Depth
\Remote Desktop Session Host\Remote Session Environment Limit Maximum Display Resolution
\Remote Desktop Session Host\Remote Session Environment Limit Maximum Number Of Monitors

For Computer Configuration Path:


\Remote Desktop Session Host\Profiles Limit The Size Of The Entire Roaming User Profile Cache
\Remote Desktop Session Host\Security Require Use Of Specific Security Layer For Remote (Rdp)
Connections
\Remote Desktop Session Host\Security Set Client Connection Encryption Level
\Remote Desktop Session Host\Remote Session Environment Set Compression Algorithm For Rdp
Data
\Remote Desktop Connection Client Specify Sha1 Thumbprints Of Certificates Representing Trusted
.Rdp Publishers

For Computer Configuration Path:


\Windows Components\NetMeeting Disable Remote Desktop Sharing
\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Allow
Inbound Remote Desktop Exceptions
\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Allow
Inbound Remote Desktop Exceptions

Question 10 Use the winchat command and communicate with your friend sitting on a different
machine running Windows 2000.

Answer Winchat
It is a very simple program located in the Windows System32 directory. A search for "winchat"
will also bring it up. This program can be very useful to users that work in large office complexes and
need to deliver a message to another individual quickly and efficiently. This application also has a real
time chat screen, so you can see the other person typing. I have tested this program on 2 computers
running XP Pro, not XP Home.
1. Start, Search, "winchat" (or find it in the Windows System32 directory).
2. Right-click and select Send to Desktop (for easy opening).
3. Run the program.
4. Choose the Dial button at the top.
5. Choose the computer of the person on the network whom you wish to talk to.
6. Both users must agree to connect to each other to talk.

Session 2. Linux/Unix Operating Systems



Exercise 2. Try to explore the filesystem; write what is there in /bin, /usr/bin, /sbin, /tmp and
/boot. Find and list the devices that are available in your system.

Answer How To Understand the Filesystem Layout in a Linux VPS

Introduction

If you are new to Linux and Unix-like operating systems, the basic ways to interact with and navigate
your operating system can seem convoluted and confusing. One area that new users struggle with is how
to make sense of the way that the filesystem is structured.
In this article, we will discuss the various parts of the standard Linux filesystem. We will explore some of
the most interesting directories and where to look for various components in your server environment.
For demonstration purposes, we will be using an Ubuntu 12.04 server. Other Linux distros implement
things in slightly different ways, so if you are following along and notice a discrepancy with your own
system, check your distro's documentation.

Some Brief Notes on the History of the Linux Filesystem Layout

Linux inherits many of its concepts of filesystem organization from its Unix predecessors. As far back as
1979, Unix was establishing standards to control how compliant systems would organize their files.
The Linux Filesystem Hierarchy Standard, or FHS for short, is a prescriptive standard maintained by the
Linux Foundation that establishes the organizational layout that Linux distributions should uphold for
interoperability, ease of administration, and the ability to implement cross-distro applications reliably.
One important thing to mention when dealing with these systems is that Linux implements just about
everything as a file. This means that a text file is a file, a directory is a file (simply a list of other files), a
printer is represented by a file (the device drivers can send anything written to the printer file to the
physical printer), etc.
Although this is in some cases an oversimplification, it informs us of the approach that the designers of
the system encouraged: passing text and bytes back and forth and being able to apply similar strategies for
editing and accessing diverse components.
In this article, we will not follow the specification exactly, because distributions stray from the actual
standard often. Instead, we will check an Ubuntu 12.04 server to find the actual directory structure that
was implemented. This is much more useful for the average user.

Simple Navigation

Before actually delving into the filesystem layout, you need to know a few basics about how to navigate a
filesystem from the command line. We will cover the bare minimum here to get you on your feet.

Orient Yourself


The first thing you need to do is orient yourself in the filesystem. There are a few ways to do this, but one
of the most basic is with the pwd command, which stands for "print working directory":
pwd
/root

This simply returns the directory you are currently located in. We will learn how to interpret the results in
a bit.

Look Around

To see what files are in the current directory, you can issue the ls command, which stands for "list":
ls
bin etc lib mnt root selinux tmp vmlinuz
boot home lost+found opt run srv usr
dev initrd.img media proc sbin sys var

This will tell you all directories and files in your current directory.
The ls command can take some optional flags. Flags modify the command's default behavior to either
process or display the data in a different way.
For instance, if we would like to easily differentiate between files and directories by showing a "/" after
directory entries, you can add the -F flag:
ls -F
bin/ home/ media/ root/ srv/ var/
boot/ initrd.img@ mnt/ run/ sys/ vmlinuz@
dev/ lib/ opt/ sbin/ tmp/
etc/ lost+found/ proc/ selinux/ usr/

The two most common flags are probably -l and -a. The first flag forces the command to output
information in long form:
ls -l
total 76
drwxr-xr-x 2 root root 4096 Apr 26 2012 bin
drwxr-xr-x 3 root root 4096 Apr 26 2012 boot
drwxr-xr-x 13 root root 3900 Dec 4 18:03 dev
drwxr-xr-x 78 root root 4096 Dec 4 19:29 etc
drwxr-xr-x 3 root root 4096 Dec 4 19:28 home
lrwxrwxrwx 1 root root 33 Apr 26 2012 initrd.img ->
/boot/initrd.img-3.2.0-24-virtual
drwxr-xr-x 16 root root 4096 Apr 26 2012 lib
. . .

This produces output with one line for each file or directory (the name is on the far right). This has a lot
of information that we are not interested in right now. One part we are interested in though is the very
first character, which tells us what kind of file it is. The three most common types are:

• -: Regular file


• d: Directory (a file of a specific format that lists other files)
• l: A hard or soft link (basically a shortcut to another file on the system)

The -a flag lists all files, including hidden files. In Linux, files are hidden automatically if they begin
with a dot:
ls -a
. .. .bash_logout .bashrc .profile

In this example, all of the files are hidden. The first two entries, . and .. are special. The . directory is a
shortcut that means "the current directory". The .. directory is a shortcut that means "the current
directory's parent directory". We will learn some ways to utilize these in just a moment.

Move Around

Now that you can find out where you are in the filesystem and see what is around you, it is time to learn
how to move throughout the filesystem.
To change to a different directory, you issue the cd command, which stands for "change directory":
cd /bin

You can follow the command with either an absolute or a relative pathname.
An absolute path is a file path that specifies the location of a directory from the top of the directory
tree (we will explain this later). Absolute paths begin with a "/", as you see above.
A relative path is a file path that is relative to the current working directory. This means that instead of
defining a location from the top of the directory structure, it defines the location in relation to where you
currently are.
For instance, if you want to move to a directory within the current directory called documents, you can
issue this command:
cd documents

The lack of a "/" at the beginning tells the shell to use the current directory as the base for looking
for the path.
This is where the .. directory comes in handy. To move to the parent directory of your current directory,
you can type:
cd ..

An Overview of the Linux Filesystem Layout

The first thing you need to know when viewing a Linux filesystem is that the filesystem is contained
within a single tree, regardless of how many devices are incorporated.
What this means is that all components accessible to the operating system are represented somewhere in
the main filesystem. If you use Windows as your primary operating system, this is different from what
you are used to. In Windows, each hard drive or storage space is represented as its own filesystem, which
are labeled with letter designations (C: being the standard top-level directory of the system file hierarchy
and additional drives or storage spaces being given other
letter labels).


In Linux, every file and device on the system resides under the "root" directory, which is denoted by a
starting "/".
Note: This is different from the default administrative user, which is also called "root". It is also different
from the default administrative user's home directory, which is located at "/root".
Thus, if we want to go to the top-level directory of the entire operating system and see what is there, we
can type:
cd /
ls
bin etc lib mnt root selinux tmp vmlinuz
boot home lost+found opt run srv usr
dev initrd.img media proc sbin sys var

Every file, device, directory, or application is located under this one directory. Under this, we can see the
beginnings of the rest of the directory structure. We will go into more details below:

/bin

This directory contains basic commands and programs that are needed to achieve a minimal working
environment upon booting. These are kept separate from some of the other programs on the system to
allow you to boot the system for maintenance even if other parts of the filesystem may be damaged or
unavailable.
If you search this directory, you will find that both ls and pwd reside here. The cd command is actually
built into the shell we are using (bash), which is in this directory too.

/boot

This directory contains the actual files, images, and kernels necessary to boot the system. While /bin
contains basic, essential utilities, /boot contains the core components that actually allow the system to
boot.
If you need to modify the bootloader on your system, or if you would like to see the actual kernel files
and initial ramdisk (initrd), you can find them here. This directory must be accessible to the system very
early on.

/dev

This directory houses the files that represent devices on your system. Every hard drive, terminal device,
input or output device available to the system is represented by a file here. Depending on the device, you
can operate on the devices in different ways.
For instance, for a device that represents a hard drive, like /dev/sda, you can mount it to the filesystem
to access it. On the other hand, if you have a file that represents a line printer like /dev/lpr, you can
write directly to it to send the information to the printer.
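The exercise asks for two things that the sections above explain in prose: what kind of entry each name is (the first character of ls -l: - for a regular file, d for a directory, l for a link) and which device nodes exist under /dev. The following added Python script, written for this page and not part of the article being quoted, does both with os.lstat, which reports the entry itself rather than following symlinks, and extends the classification to the character (c) and block (b) device types that ls -l shows for /dev entries. Function names are assumptions, and build_sample_tree creates a constructed scratch directory so the classifier can be exercised without touching real system directories.

```python
import os
import stat
import tempfile

# Added example for the two tasks in the exercise: classify directory entries
# the way the first column of `ls -l` does, and list the device nodes under
# /dev. Function names are assumptions for illustration.
TYPE_CHARS = (
    (stat.S_ISLNK, "l"),   # symbolic link (checked first: lstat does not follow it)
    (stat.S_ISDIR, "d"),   # directory
    (stat.S_ISREG, "-"),   # regular file
    (stat.S_ISCHR, "c"),   # character device (terminals, /dev/null, ...)
    (stat.S_ISBLK, "b"),   # block device (disks such as /dev/sda)
    (stat.S_ISFIFO, "p"),  # named pipe
    (stat.S_ISSOCK, "s"),  # socket
)


def type_char(path):
    """The ls -l type character for one path, without following symlinks."""
    mode = os.lstat(path).st_mode
    for predicate, char in TYPE_CHARS:
        if predicate(mode):
            return char
    return "?"


def classify_dir(path):
    """{name: type char} for every entry directly under path."""
    return {name: type_char(os.path.join(path, name)) for name in sorted(os.listdir(path))}


def list_devices(dev_dir="/dev"):
    """Device nodes directly under dev_dir, split into char and block devices.
    Returns empty lists if the directory is missing or unreadable."""
    found = {"char": [], "block": []}
    try:
        names = sorted(os.listdir(dev_dir))
    except OSError:
        return found
    for name in names:
        try:
            mode = os.lstat(os.path.join(dev_dir, name)).st_mode
        except OSError:
            continue            # entry vanished or is not readable; skip it
        if stat.S_ISCHR(mode):
            found["char"].append(name)
        elif stat.S_ISBLK(mode):
            found["block"].append(name)
    return found


def build_sample_tree():
    """Constructed scratch tree (a directory, a regular file and a symlink)
    so the classifier can be tried without touching real system directories."""
    root = tempfile.mkdtemp(prefix="fs-layout-")
    os.mkdir(os.path.join(root, "boot"))
    with open(os.path.join(root, "vmlinuz"), "w") as fh:
        fh.write("placeholder kernel image\n")
    os.symlink("vmlinuz", os.path.join(root, "kernel"))
    return root


if __name__ == "__main__":
    for name, char in classify_dir("/").items():
        print(char, name)
    devices = list_devices()
    print(len(devices["char"]), "character devices,", len(devices["block"]), "block devices")
```

Run as a script it prints the type character beside each top-level entry, which lines up with the ls -l listings shown earlier, and then counts the device nodes found under /dev. Running it on the sample tree instead shows d for boot, - for vmlinuz and l for the kernel link.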

/etc


This is one area of the filesystem where you will spend a lot of time if you are working as a system
administrator. This directory is basically a configuration directory for various system-wide services.
By default, this directory contains many files and subdirectories. It contains the configuration files for
most of the activities on the system, regardless of their function. In cases where multiple configuration
files are needed, many times an application-specific subdirectory is created to hold these files. If you are
attempting to configure a service or program for the entire system, this is a great place to look.

/home

This location contains the home directories of all of the users on the system (except for the administrative
user, root). If you have created other users, a directory matching their username will typically be created
under this directory.
Inside each home directory, the associated user has write access. Typically, regular users only have write
access to their own home directory. This helps keep the filesystem clean and ensures that not just anyone
can change important configuration files.
Within the home directory, there are often hidden files and directories (represented by a starting dot) that
allow for user-specific configuration of tools. You can often set system defaults in the /etc directory,
and then each user can override them as necessary in their own home directory.

/lib

This directory is used for all of the shared system libraries that are required by the /bin and /sbin
directories. These files basically provide functionality to the other programs on the system. This is one of
the directories that you will not have to access often.

/lost+found

This is a special directory that contains files recovered by fsck, the Linux filesystem repair program. If
the filesystem is damaged and recovery is undertaken, sometimes files are found but the reference to their
location is lost. In this case, the system will place them in this directory.
In most cases, this directory will remain empty. If you experience corruption or any similar problems and
are forced to perform recovery operations, it's always a good idea to check this location when you are
finished.

/media

This directory is typically empty at boot. Its real purpose is simply to provide a location to mount
removable media (like CDs). In a server environment, this won't be used in most circumstances. But if
your Linux operating system ever mounts a media disk and you are unsure of where it placed it, this is a
safe bet.

/mnt

Name: Rahul Kumar Singh Page 14


Enroll : 167180363
[OPERATING SYSTEM CONCEPTS AND NETWORKING
MANAGEMENT] BCSL-063

This directory is similar to the /media directory in that it exists only to serve as an organizational mount
point for devices. In this case, this location is usually used to mount filesystems like external hard drives,
etc.
This directory is often used in a VPS environment for mounting network accessible drives. If you have a
filesystem on a remote system that you would like to mount on your server, this is a good place to do that.

/opt

This directory's usage is rather ambiguous. It is used by some distributions, but ignored by others.
Typically, it is used to store optional packages. In the Linux distribution world, this usually means
packages and applications that were not installed from the repositories.
For instance, if your distribution typically provides the packages through a package manager, but you
installed program X from source, then this directory would be a good location for that software. Another
popular option for software of this nature is in the /usr/local directory.

/proc

The /proc directory is more than just a regular directory. It is a pseudo-filesystem of its
own that is mounted at that directory. The proc filesystem does not contain real files, but is instead
dynamically generated to reflect the internal state of the Linux kernel.
This means that we can check and modify different information from the kernel itself in real time. For
instance, you can get detailed information about the memory usage by typing cat /proc/meminfo.

/root

This is the home directory of the administrative user (called "root"). It functions exactly like the normal
home directories, but is housed here instead.

/run

This directory is for the operating system to write temporary runtime information during the early stages
of the boot process. In general, you should not have to worry about much of the information in this
directory.

/sbin

This directory is much like the /bin directory in that it contains programs deemed essential for using the
operating system. The distinction is usually that /sbin contains commands that are available to the
system administrator, while the other directory contains programs for all of the users of the system.

/selinux


This directory contains information involving Security-Enhanced Linux (SELinux). This is a kernel module that is
used to provide access control to the operating system. For the most part, you can ignore this.

/srv

This directory is used to contain data files for services provided by the computer. In most cases, this
directory is not used too much because its functionality can be implemented elsewhere in the filesystem.

/tmp

This is a directory that is used to store temporary files on the system. It is writable by anyone on the
computer and does not persist upon reboot. This means that any files that you need just for a little bit can
be put here. They will be automatically deleted once the system shuts down.
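The "writable by anyone" property of /tmp only works safely because the directory also carries the sticky bit (mode 1777): with it, a file in /tmp can be removed or renamed only by its owner, the directory owner or root; without it, any user could delete or replace other users' temporary files. The following is an added example, not code from the original page: a small audit that finds world-writable directories lacking the sticky bit and sets the bit on them, tried out on a constructed scratch tree rather than the real filesystem. It assumes a find(1) that accepts numeric -perm -MODE tests (GNU and BSD find both do); the function names are the example's own.

```sh
#!/bin/sh
# Added example (not from the original page): audit a directory tree for
# directories that everyone can write to but that lack the sticky bit.
# -perm -0002 : the "other" write bit is set
# ! -perm -1000 : the sticky bit is NOT set

# world_writable_no_sticky ROOT -> prints each offending directory, one per line
world_writable_no_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# add_sticky_bit ROOT -> sets the sticky bit (chmod +t) on every directory
# reported by world_writable_no_sticky, which is how /tmp gets mode 1777
add_sticky_bit() {
    world_writable_no_sticky "$1" | while IFS= read -r dir; do
        chmod +t "$dir"
    done
}

# build_demo_tree -> constructed sample tree standing in for a real system;
# prints the path of the temporary root so the check can be run on it
build_demo_tree() {
    root=$(mktemp -d)
    mkdir "$root/scratch_ok" "$root/scratch_bad" "$root/private"
    chmod 1777 "$root/scratch_ok"   # world-writable with sticky bit, like /tmp
    chmod 0777 "$root/scratch_bad"  # world-writable, no sticky bit: the finding
    chmod 0755 "$root/private"      # not world-writable at all
    echo "$root"
}
```

Running world_writable_no_sticky on the demo tree reports only scratch_bad; after add_sticky_bit the same check reports nothing. On a real host the same check is normally run as `find / -xdev -type d -perm -0002 ! -perm -1000`, which is the form used by common hardening checklists.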

/usr

This directory is one of the largest directories on the system. It basically includes a set of folders that look
similar to those in the root / directory, such as /usr/bin and /usr/lib. This location is basically
used to store all non-essential programs, their documentation, libraries, and other data that is not required
for the most minimal usage of the system.
This is where most of the files on the system will be stored. Some important subdirectories are
/usr/local, which is an alternative to the /opt directory for storing locally compiled programs.
Another interesting thing to check out is the /usr/share directory, which contains documentation,
configuration files, and other useful files.

/var

This directory is supposed to contain variable data. In practice, this means it is used to contain
information or directories that you expect to grow as the system is used.
For example, system logs and backups are housed here. Another popular use of this directory is to store
web content if you are operating a web server.
Question 1 First try to execute the following commands on your operating system and write down
the result and use of each command.
man
cd
ls, ls -a
cd
pwd
cd ..
ls -al

Answer: Introduction to Unix commands


Following is a very brief introduction to some useful Unix commands, including examples of how to use
each command. For more extensive information about any of these commands, use the man command as
described below. Sources for more information appear at the end of this document.

cd

This command changes your current directory location. By default, your Unix login session begins in
your home directory.
To switch to a subdirectory (of the current directory) named myfiles, enter:
cd myfiles

To switch to a directory named /home/dvader/empire_docs, enter:


cd /home/dvader/empire_docs

To move to the parent directory of the current directory, enter:


cd ..

To move to the root directory, enter:


cd /

To return to your home directory, enter:


cd

less and more

Both less and more display the contents of a file one screen at a time, waiting for you to press the
Spacebar between screens. This lets you read text without it scrolling quickly off your screen. The less
utility is generally more flexible and powerful than more, but more is available on all Unix systems
while less may not be.
To read the contents of a file named textfile in the current directory, enter:
less textfile

The less utility is often used for reading the output of other commands. For example, to read the output
of the ls command one screen at a time, enter:
ls -la | less

In both examples, you could substitute more for less with similar results. To exit either less or
more after viewing the file, press q .
Note: Do not use less or more with executables (binary files), such as output files produced by
compilers. Doing so will display garbage and may lock up your terminal.


lpr and lp

These commands print a file on a printer connected to the computer network. The lpr command is used
on BSD systems, and the lp command is used in System V. Both commands may be used on the UITS
systems.
To print a file named myfile on a printer named lp1 with lpr, enter:
lpr -Plp1 myfile

To print the same file to the same printer with lp, enter:
lp -dlp1 myfile

Note: Do not print to a printer whose name or location is unfamiliar to you.

ls

This command will list the files stored in a directory. To see a brief, multi-column list of the files in the
current directory, enter:
ls

To also see "dot" files (configuration files that begin with a period, such as .login ), enter:
ls -a

To see the file permissions, owners, and sizes of all files, enter:
ls -la

If the listing is long and scrolls off your screen before you can read it, combine ls with the less utility, for
example:
ls -la | less

man

This command displays the manual page for a particular command. If you are unsure how to use a
command or want to find out all its options, you might want to try using man to view the manual page.
For example, to learn more about the ls command, enter:
man ls

To learn more about man, enter:


man man

If you are not sure of the exact command name, you can use man with the -k option to help you find
the command you need. To see one line summaries of each reference page that contains the keyword you
specify, enter:
man -k keyword

Replace keyword in the above example with the keyword which you want to reference.


mkdir

This command will make a new subdirectory.


To create a subdirectory named mystuff in the current directory, enter:
mkdir mystuff

To create a subdirectory named morestuff in the existing directory named /tmp, enter:
mkdir /tmp/morestuff

Note: To make a subdirectory in a particular directory, you must have permission to write to that
directory.

pwd

This command reports the current directory path. Enter the command by itself:
pwd
Question 6 Display the names of all files in the home directory using find. Can you display the
names of all files in the home directory that are bigger than 500KB?

Finding Files in a Directory Tree

Use find to find specific files in a particular directory tree, specifying the name of the directory tree to
search, the criteria to match, and -- optionally -- the action to perform on the found files. (Unlike most
other tools, you must specify the directory tree argument before any other options.)
You can specify a number of search criteria, and format the output in various ways; the following sections
include recipes for the most commonly used find commands, as well as a list of find's most popular
options.

- Basic Find: The basic find options.
- Size Find: Finding files by size.
- Time Find: Finding files by date.
- Owner Find: Finding files by owner.
- Exec Find: Running commands on the files you find.
- Find Options: A list of find's many options.

Finding Files in a Directory Tree by Name

Use find to find files in a directory tree by name. Give the name of the directory tree to search through,
and use the `-name' option followed by the name you want to find.

- To list all files on the system whose file name is `top', type:
  $ find / -name top [RET]

This command will search all directories on the system to which you have access; if you don't have
execute permission for a directory, find will report that permission is denied to search the directory.


The `-name' option is case sensitive; use the similar `-iname' option to find name regardless of
case.

- To list all files on the system whose file name is `top', regardless of case, type:
  $ find / -iname top [RET]

This command would match any files whose name consisted of the letters `top', regardless of case --
including `Top', `top', and `TOP'.
Use file expansion characters (see Specifying File Names with Patterns) to find files whose names match
a pattern. Give these file name patterns between single quotes.

- To list all files on the system whose names begin with the characters `top', type:
  $ find / -name 'top*' [RET]
- To list all files whose names begin with the three characters `top' followed by exactly three
more characters, type:
  $ find / -name 'top???' [RET]
- To list all files whose names begin with the three characters `top' followed by five or more
characters, type:
  $ find / -name 'top?????*' [RET]
- To list all files in your home directory tree that end in `.tex', regardless of case, type:
  $ find ~ -iname '*.tex' [RET]
- To list all files in the `/usr/share' directory tree with the text `farm' somewhere in their
name, type:
  $ find /usr/share -name '*farm*' [RET]

Use `-regex' in place of `-name' to search for files whose names match a regular expression, or a
pattern describing a set of strings (see Regular Expressions -- Matching Text Patterns).

- To list all files in the current directory tree whose names have either the string `net' or
`comm' anywhere in their file names, type:
  $ find . -regex '.*\(net\|comm\).*' [RET]

NOTE: The `-regex' option matches the whole path name, relative to the directory tree you specify,
and not just file names.
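The answer above covers only the name-matching half of the question. The second half (files bigger than 500KB) is done with find's -size test, which the text does not show. The following is an added example, not code from the original page: it builds a constructed scratch directory standing in for the home directory, then lists files over 500 KiB with `-size +500k` and repeats the page's case-insensitive `-iname '*.tex'` search. The function names are the example's own; the -size and -iname primaries are standard find(1).

```sh
#!/bin/sh
# Added example (not from the original page): find files by size and by name.
# -size +500k matches files whose size, rounded up to whole KiB, is strictly
# greater than 500; without the k suffix find counts 512-byte blocks instead.

# big_files DIR -> prints regular files under DIR larger than 500 KiB
big_files() {
    find "$1" -type f -size +500k
}

# files_named_pattern DIR PATTERN -> regular files whose name matches PATTERN,
# ignoring case, like the page's `find ~ -iname '*.tex'` example
files_named_pattern() {
    find "$1" -type f -iname "$2"
}

# build_sample_tree -> constructed scratch directory used in place of $HOME;
# prints its path. dd writes files of exactly known sizes from /dev/zero.
build_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/docs" "$root/.config"
    dd if=/dev/zero of="$root/docs/thesis.TEX" bs=1024 count=600 2>/dev/null  # 600 KiB
    dd if=/dev/zero of="$root/docs/notes.tex" bs=1024 count=500 2>/dev/null   # exactly 500 KiB
    dd if=/dev/zero of="$root/.config/settings" bs=1024 count=10 2>/dev/null  # 10 KiB, a dot file
    echo "$root"
}
```

On the sample tree, big_files reports only docs/thesis.TEX (500 KiB exactly is not "+500k"), while files_named_pattern with '*.tex' reports both thesis.TEX and notes.tex. To run the real query from the question, replace the sample root with ~ .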
Question 9 Change your password and write down the restrictions for the given password.

Answer: 2.6 Changing Passwords

Changing passwords on a regular basis promotes system security. To change your password, enter the
DCL command SET PASSWORD.
The system manager can allow you to select a password on your own or can require that you use the
automatic password generator when you change your password. If you select your own password, note
that the password must follow system restrictions on length and acceptability (see Section 2.2.3).
There is no restriction on how many times you can change your password in a given period of time.
The following example shows a password choice that is too short:


$ SET PASSWORD
Old password:
New password:
%SET-F-INVPWDLEN, password length must be between 12 and 32
characters; password not changed

2.6.1 Selecting Your Own Password

If your system manager does not require use of the automatic password generator, the SET PASSWORD
command prompts you to enter the new password. It then prompts you to reenter the new password for
verification, as follows:

$ SET PASSWORD [Return]


New password: [Return]
Verification: [Return]

If you fail to enter the same new password twice, the password is not changed. If you succeed in these
two steps, there is no notification. The command changes your password and returns you to the DCL
prompt.
Even though your security administrator might not require the password generator, you are strongly
encouraged to use it to promote the security of your system.

2.6.2 Using Generated Passwords

If your system security administrator decides that you must let the system generate the password for you
automatically, the system provides you with a list of password choices when you enter the DCL command
SET PASSWORD. (If your system is not set up to use automatically generated passwords, you can use
them by specifying the SET PASSWORD command with the /GENERATE qualifier.) The character
sequence resembles native language words to make it easy to remember, but it is unusual enough to be
difficult for outsiders to guess.
Because system-generated passwords vary in length, they become even more difficult to guess.
Note

The password generator uses basic syllabic rules to generate words but has
no real knowledge of any language. As a result, it can unintentionally produce
words that are offensive.

In the following example, the system automatically generates a list of passwords made up of random
sequences of characters. The minimum password length for the user in the following example has been
set to 8 characters in their UAF record.

$ SET PASSWORD
Old password: [Return] (1)

reankuna rean-ku-na (2)


cigtawdpau cig-tawd-pau
adehecun a-de-he-cun
ceebatorai cee-ba-to-rai
arhoajabad ar-hoa-ja-bad

Choose a password from this list, or press Return to get a new list
(3)
New password: [Return] (4)
Verification: [Return] (5)
$ (6)

Note the following about the example:

1. The user correctly specifies the old password and presses the Return key.
2. The system responds with a list of five password choices ranging in length from 8 to 10
characters. Usually, the password that is easiest to pronounce is easiest to remember;
therefore, it is the best choice.
On OpenVMS VAX systems, representations of the same word divided into syllables are
displayed to the right of each password choice (as shown here).
3. The system informs the user that it is possible to request a new list by pressing the Return key in
response to the prompt for a new password.
4. The user enters one of the first five possible passwords and presses the Return key.
5. The system recognizes that this password is one provided by the automatic password generator
and responds with the verification prompt. The user enters the new password again and presses
Return.
6. The system changes the password and responds with the DCL prompt.

2.6.3 Generated Passwords: Disadvantages

There are two disadvantages to using generated passwords:

- There is a possibility that you might not remember your password choice. However, if you
dislike all the password choices in your list or think none are easy to remember, you can always
request another list.
- There is a potential for disclosure of password choices from the display that the command
produces. To protect your account, change your password in private. If you perform the change
on a video terminal, clear the display of password choices from the screen after the command
finishes. If you use a printing terminal, properly dispose of all hardcopy output.
If you later realize that you failed to protect your password in these ways, change your password
immediately. Depending on site policy or your own judgment concerning the length of time your
account was exposed, you should notify your security administrator that a security breach could
have occurred through your account.


2.6.4 Changing a Secondary Password

To change a secondary password, use the DCL command SET PASSWORD/SECONDARY. You are
prompted to specify the old secondary password and the new secondary password, just as in the procedure
for changing the primary password. To remove a secondary password, press the Return key when you are
prompted for a new password and verification.
You can change primary and secondary passwords independently, but both are subject to the same change
frequency because they share the same password lifetime.

2.6.5 Changing Passwords at Login

Even if your current password has not yet expired, you can change your password when you log in to the
system by including the /NEW_PASSWORD qualifier with your user name. When you enter the
/NEW_PASSWORD qualifier after your user name, the system prompts you to set a new password
immediately after login.
The following example shows how to change your password when you log in:

WILLOW - A member of the Forest Cluster

Username: RWOODS/NEW_PASSWORD
Password:
Welcome to OpenVMS on node WILLOW
Last interactive login on Tuesday, 7-NOV-1999 10:20
Last non-interactive login on Monday, 6-NOV-1999 14:20

Your password has expired; you must set a new password to log in
New password:
Verification:

2.7 Password and Account Expiration Times

Your system manager can set up your account so that your password, or the account itself, expires
automatically on a particular date and time. Password expiration times promote system security by
forcing you to change your password on a regular basis. Account expiration times help to ensure that
accounts are available only for as long as they are needed.

2.7.1 Expired Passwords

As you approach the expiration time of your password, you receive an advance warning message. The
message first appears 5 days before the expiration date and at each subsequent login. The message
appears immediately below the new mail message and sounds the bell character on your terminal to
attract your attention. The message indicates that your password is expiring, as follows:

WARNING -- Your password expires on Thursday 11-DEC-1999 15:00

If you fail to change your password before it expires, you receive the following message when you log in:


Your password has expired; you must set a new password to log in
New password:

The system prompts you for a new password or, if automatic password generation is enabled, asks you to
select a new password from those listed. You can abort the login by pressing Ctrl/Y. At your next login
attempt, the system again prompts you to change your password.

2.7.2 Using Secondary Passwords

If secondary passwords are in effect for your account (see Section 2.2.4), the secondary password expires
at the same time as the primary one. You are prompted to change both passwords. If you change the
primary password and press Ctrl/Y before changing the secondary password, the login fails. The system
does not record a password change.

2.7.3 Failure to Change Passwords

If the system manager decides not to force you to change your expired password upon logging in, you
receive one final warning when you log in after your password expires, as follows:

WARNING -- Your password has expired; update immediately with SET PASSWORD!

At this point, if you do not change the password or if the system fails before you have the opportunity to
do so, you will be unable to log in again. To regain access, see your system manager.

2.7.4 Expired Accounts

If you need your account for a specific purpose for a limited time only, the person who creates your
account may specify a period of time after which the account lapses. For example, student accounts at
universities are typically authorized for a single semester at a time.
Expired accounts deny logins automatically. You receive no advance warning message before the account
expiration date, so it is important to know in advance your account duration. The account expiration
resides in the UAF record, which can be accessed and displayed only through the use of the OpenVMS
Authorize utility (AUTHORIZE) by users with the SYSPRV privilege or equivalent---normally, your
system manager or security administrator.
When your account expires, you receive an authorization failure message at your next attempted login. If
you need an extension, follow the procedures defined at your site.

2.8 Guidelines for Protecting Your Password

Illegal system accesses involving the use of a correct password are more often traced to disclosure of the
password by its owner than to surreptitious discovery. It is vital that you do not reveal your password to
anyone.
You can best protect your password by observing the following rules:


- Select reasonably long passwords that cannot be guessed easily. Avoid using words in your
native language that appear in a dictionary. Consider including numbers in your password.
Alternatively, let the system generate passwords for you automatically.
- Never write down your password.
- Never give your password to another user. If another user obtains your password, change it
immediately.
- Do not include your password in any file, including the body of an electronic mail message. (If
anyone else reveals a password to you, delete the information promptly.)
The character strings that appear in conjunction with your actual password can make it easy for
someone to find your password in a file. For example, a quotation mark followed by two colons
("::) always comes after a user name and password in an access control string. Someone
attempting to break into the system could obtain your password by searching inadequately
protected files for this string. Another way in which you might reveal your password is by using
the word "password" in a text file, for example:

Session 3 Linux/Unix Operating System


Question 4 Write a shell script which accepts the name of a process and returns the PID of that process.

I tried this code and it is not working


#!/bin/sh

#Find the Process ID for syncapp running instance

PID=`ps -ef | grep syncapp 'awk {print $2}'`

if [[ -z "$PID" ]] then
Kill -9 PID
fi

It is showing an error near awk.


Any suggestions please.
Actually the easiest way to do that would be to pass kill arguments like below:
ps -ef | grep "your_process" | awk '{print $2}' | xargs kill

Hope it helps.
Shell Scripting: Getting a pid and killing it via a shell script



find pid which is in /usr/local/var/slapd.pid

store in variable
kill variable
restart slapd


I am trying to write a shell script to get the process id of a particular process (slapd)
and then kill that using 'kill -9 $pid'.

I can get the pid by using prid= pidof slapd


An echo of this for testing gives me the pid number followed by a blank line and then the
prompt.

Now the problem is when I am trying to use this variable in various forms in the shell script
and get errors.

option 1:
kill -9 $prid

Output:
20685
kill: usage: kill [-s sigspec | -n signum | -sigspec] [pid | job]... or kill -l [sigspec]

=========================
Option 2:
actual= "kill -9 $prid"
echo $actual

Output:
20685
./testscript: line 4: kill -9 : command not found

==========================

Option 3:
actual="kill -9 $prid"
echo $actual

Output:
20685
kill -9
#The process is still running.

Can you shed some light on where I am going wrong?


Thank you very much. All help appreciated.

#2
11-20-2004, 11:52 AM

perfect_circle (Senior Member; Registered: Oct 2004; Location: Athens, Greece; Distribution: Slackware, arch; Posts: 1,783)

maybe you don't get the pid correct.
try
echo $prid
after you store it in the $prid variable to see what the variable contains
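Both threads above run into the same two problems: `ps -ef | grep name` can match the grep process itself, or any unrelated process whose arguments merely contain the name, and `kill -9` gives the target no chance to clean up. The following is an added example, not code from either forum poster: it answers the question (accept a process name, return its PID) by reading the /proc pseudo-filesystem described earlier on this page, where /proc/PID/comm holds the executable name the kernel knows each process by, and it terminates with SIGTERM first, using SIGKILL only for a process that ignores it. It assumes Linux (the /proc layout is Linux-specific), compares the name exactly (the kernel truncates comm to 15 characters), and the function names are the example's own.

```sh
#!/bin/sh
# Added example (not the forum posters' code): look processes up by name
# through /proc instead of parsing ps output, then terminate them politely.

# pids_by_name NAME -> prints the PID of every live process whose comm is NAME
pids_by_name() {
    name=$1
    for dir in /proc/[0-9]*; do
        # A process may exit between the glob and the read; just skip it.
        read -r comm 2>/dev/null < "$dir/comm" || continue
        [ "$comm" = "$name" ] || continue
        # Skip zombies: they are already dead and only waiting to be reaped.
        # The state is the first field after the ")" that closes the comm
        # field in /proc/PID/stat.
        read -r statline 2>/dev/null < "$dir/stat" || continue
        rest=${statline##*) }
        state=${rest%% *}
        [ "$state" != "Z" ] || continue
        echo "${dir#/proc/}"
    done
}

# kill_by_name NAME -> SIGTERM every match, wait up to 5 s for them to exit,
# then SIGKILL whatever is left. Returns 1 when nothing matched, so a typo
# in NAME shows up in the exit status instead of silently doing nothing.
kill_by_name() {
    pids=$(pids_by_name "$1")
    if [ -z "$pids" ]; then
        echo "kill_by_name: no process named '$1'" >&2
        return 1
    fi
    for p in $pids; do kill -TERM "$p" 2>/dev/null || true; done
    i=0
    while [ "$i" -lt 5 ]; do
        [ -n "$(pids_by_name "$1")" ] || return 0
        sleep 1
        i=$((i + 1))
    done
    for p in $(pids_by_name "$1"); do kill -KILL "$p" 2>/dev/null || true; done
    return 0
}
```

Usage from a script is `pids_by_name slapd` to print the PID(s) and `kill_by_name slapd` to stop them; the first thread's `pidof slapd` does the same lookup, and the point of building it by hand here is to see what the lookup actually consists of.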
Question 5 Use ping to find the round-trip delay to www.ignou.ac.in.

Answer: One problem that must be resolved when using the Transmission Control Protocol (TCP) is how
to deal with timeouts and retransmissions. The round-trip delay time (RTD) or round-trip time (RTT)
is a big factor in deciding what to do in each case. RTT may also be used to find the best possible
route.
In telecommunications, the RTT is the length of time it takes for a signal to be sent plus the length of time
it takes for an acknowledgment of that signal to be received. This time delay therefore consists of the
propagation times between the two points of a signal.

- In the context of computer networks, the signal is generally a data packet, and the RTT is also
known as the ping time. An internet user can determine the RTT by using the ping command.
- In space technology, the round-trip delay time or round-trip light time is the time light (and
hence any signal) takes to go to a space probe and return.

Network links with both a high bandwidth and a high RTT can have a very large amount of data (the
bandwidth-delay product) "in flight" at any given time. Such "long fat pipes" require a special protocol
design. One example is the TCP window scale option.
The RTT was originally estimated in TCP by:
RTT = (α · Old_RTT) + ((1 − α) · New_Round_Trip_Sample)[1]

Where α is a constant weighting factor (0 ≤ α < 1). Choosing a value of α close to 1 makes the weighted
average immune to changes that last a short time (e.g., a single segment that encounters a long delay).
Choosing a value of α close to 0 makes the weighted average respond to changes in delay very quickly.
This was improved by the Jacobson/Karels algorithm, which takes standard deviation into account as
well.
Once a new RTT is calculated, it is entered into the equation above to obtain an average RTT for that
connection, and the procedure continues for every new calculation.


Examples:

- 200 ms RTT for a connection using UDT (UDP-based Data Transfer Protocol) equates to a 12,000
mile round trip path length.

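To make the estimator above concrete, the following is an added example, not code from the original page: it pulls the per-packet "time=" samples out of ping output and feeds them to (a) the page's weighted average RTT = α·Old_RTT + (1−α)·Sample, with the first sample initialising the estimate, and (b) the Jacobson/Karels estimator the page names but does not spell out, written with the constants from RFC 6298 (SRTT gain 1/8, RTTVAR gain 1/4, RTO = SRTT + 4·RTTVAR; the RFC's 1-second minimum RTO and clock-granularity term are left out so the numbers stay readable). The ping output is constructed, not a real capture of www.ignou.ac.in, and awk does the arithmetic. The second estimator goes beyond what the page states; the function names are the example's own.

```sh
#!/bin/sh
# Added example (not from the original page): RTT smoothing over ping samples.

# Constructed ping output; 192.0.2.10 is a documentation address, not a real host.
SAMPLE_PING_OUTPUT='PING www.example.invalid (192.0.2.10) 56(84) bytes of data.
64 bytes from 192.0.2.10: icmp_seq=1 ttl=54 time=40.0 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=54 time=60.0 ms
64 bytes from 192.0.2.10: icmp_seq=3 ttl=54 time=50.0 ms

--- www.example.invalid ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms'

# rtt_samples: reads ping output on stdin, prints one "time=" value (ms) per line
rtt_samples() {
    sed -n 's/.*time=\([0-9.][0-9.]*\) ms.*/\1/p'
}

# smoothed_rtt ALPHA: reads samples on stdin. The first sample initialises the
# estimate; each later one is folded in with RTT = ALPHA*old + (1-ALPHA)*sample.
smoothed_rtt() {
    awk -v a="$1" '
        NR == 1 { rtt = $1; next }
        { rtt = a * rtt + (1 - a) * $1 }
        END { if (NR > 0) printf "%.1f\n", rtt }'
}

# jacobson_karels: reads samples on stdin, prints "SRTT RTTVAR RTO" in ms.
# RTTVAR is updated with the previous SRTT before SRTT itself is updated,
# in the order RFC 6298 gives; the first sample sets SRTT=R and RTTVAR=R/2.
jacobson_karels() {
    awk '
        NR == 1 { srtt = $1; rttvar = $1 / 2; next }
        {
            d = srtt - $1; if (d < 0) d = -d
            rttvar = 0.75 * rttvar + 0.25 * d
            srtt = 0.875 * srtt + 0.125 * $1
        }
        END { if (NR > 0) printf "%.1f %.1f %.1f\n", srtt, rttvar, srtt + 4 * rttvar }'
}
```

With real output, run `ping -c 10 www.ignou.ac.in | rtt_samples | smoothed_rtt 0.9`. On the three constructed samples (40, 60, 50 ms), α = 0.5 gives 50.0 ms and α = 0.9 gives 42.8 ms, showing how a large α damps the 60 ms outlier; the Jacobson/Karels form also reports the variance, which is what makes the retransmission timeout adapt to jitter rather than only to the mean.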
Question 9 Use telnet and ftp to connect to another remote machine. Write down the problems
you encounter while connecting to the remote machine.

Answer grep Command

Purpose

Searches for a pattern in a file.

Syntax

grep [ -E | -F ] [ -i ] [ -h ] [ -H ] [ -L ] [ -r | -R ] [ -s ][ -u ] [ -v ] [ -w ] [ -x ] [ -y ] [ [ [ -b ] [ -n ] ] | [ -c | -l
| -q ] ] [ -p [ Separator ] ] { [ -e PatternList ... ] [ -f PatternFile ... ] | PatternList ... } [ File ... ]

Description

The grep command searches for the pattern specified by the Pattern parameter and writes each matching
line to standard output. The patterns are limited regular expressions in the style of the ed or egrep
command. The grep command uses a compact non-deterministic algorithm.
The grep command displays the name of the file containing the matched line if you specify more than one
name in the File parameter. Characters with special meaning to the shell ($, *, [, |, ^, (, ), \ ) must be in
quotation marks when they appear in the Pattern parameter. When the Pattern parameter is not a simple
string, you usually must enclose the entire pattern in single quotation marks. In an expression such as
[a-z], the - (minus sign) specifies a range, according to the current collating sequence. A collating
sequence may define equivalence classes for use in character ranges. If no files are specified, grep
assumes standard input.
Notes:
1. Do not run the grep command on a special file because it produces unpredictable results. Input
lines should not contain the NULL character.
2. Input files should end with the newline character.
3. The newline character will not be matched by the regular expressions.
4. Although some flags can be specified simultaneously, some flags override others. For example,
the -l option takes precedence over all other flags. And if you specify both the -E and -F flags, the
last one specified takes priority.
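The following is an added example, not code from the original page, showing the flags from the description and the table that follows (-E, -c, -n, -i, -v, -l, -r) at work from a defender's point of view: counting and listing failed logins in a log, and locating files that contain the `"::` access-control-string sequence that the password guidelines earlier on this page warn can expose a password, so those files can be cleaned up. It assumes a POSIX or GNU grep. The log lines, user names, addresses (RFC 5737 documentation ranges) and the saved DCL command line are all constructed for the demo; the function names are the example's own.

```sh
#!/bin/sh
# Added example (not from the original page): grep flags on constructed data.

# make_samples -> writes constructed sample files into a temp dir, prints its path
make_samples() {
    root=$(mktemp -d)
    printf '%s\n' \
        'Jan 10 09:12:01 host sshd[1201]: Accepted publickey for alice from 192.0.2.7' \
        'Jan 10 09:13:44 host sshd[1202]: Failed password for root from 198.51.100.9' \
        'Jan 10 09:13:46 host sshd[1203]: Failed password for invalid user admin from 198.51.100.9' \
        'Jan 10 09:14:02 host sshd[1204]: FAILED PASSWORD for bob from 203.0.113.5' \
        'Jan 10 09:15:30 host sshd[1205]: Accepted password for bob from 203.0.113.5' \
        > "$root/auth.log"
    mkdir "$root/notes"
    printf '%s\n' 'meeting at 10' > "$root/notes/todo.txt"
    # A saved command line carrying an access control string (made-up
    # credentials): the "user password":: form the password guidelines describe.
    printf '%s\n' 'COPY NODE"RWOODS secret123"::FILE.TXT *' > "$root/notes/old_commands.txt"
    echo "$root"
}

# count_failed_logins LOG -> number of lines recording a failed password,
# whatever their case (-c counts, -i ignores case)
count_failed_logins() {
    grep -c -i 'failed password' "$1"
}

# failed_login_lines LOG -> the matching lines with line numbers (-n), using an
# extended regular expression (-E) so the optional "invalid user " is one group
failed_login_lines() {
    grep -n -i -E 'failed password for (invalid user )?[a-z]+' "$1"
}

# accepted_logins LOG -> every line that is NOT a failure (-v inverts the match)
accepted_logins() {
    grep -v -i 'failed' "$1"
}

# files_with_access_control_strings DIR -> names only (-l) of files anywhere
# under DIR (-r) containing the literal (-F) sequence "::
files_with_access_control_strings() {
    grep -r -l -F '"::' "$1"
}
```

On the sample data there are three failed logins (the -i flag is what catches the upper-case one), two non-failure lines, and exactly one file under notes/ that holds an access control string. Note 4 above applies here: adding -l to count_failed_logins would turn it into a file list, because -l takes precedence over -c.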


Flags
Item Description
-b Precedes each line by the block number on which it was found. Use this flag
to help find disk block numbers by context. The -b flag cannot be used with
input from stdin or pipes.
-c Displays only a count of matching lines.
-E Treats each pattern specified as an extended regular expression (ERE). A
NULL value for the ERE matches every line.
Note: The grep command with the -E flag is the same as the egrep
command, except that error and usage messages are different and the -s
flag functions differently.
-e PatternList Specifies one or more search patterns. This works like a simple pattern but
is useful when the pattern begins with a - (minus). Patterns should be
separated by a new-line character. A NULL pattern can be specified by two
adjacent new-line characters or a quotation mark followed by a new-line
character ("\n). Each pattern is treated like a basic regular expression (BRE)
unless the -E or -F flag is also specified. Multiple -e and -f flags are accepted
by grep. All of the specified patterns are used when matching lines, but the
order of evaluation is unspecified.
-F Treats each specified pattern as a string instead of a regular expression. A
NULL string matches every line.
Note: The grep command with the -F flag is the same as the fgrep
command, except that error and usage messages are different and the -s
flag functions differently.
-f PatternFile Specifies a file containing search patterns. Each pattern should be
separated by a new-line character, and an empty line is considered a NULL
pattern. Each pattern is treated like a basic regular expression (BRE), unless
the -E or -F flag is also specified.
-h Prevents the name of the file containing the matching line from being
appended to that line. Suppresses file names when multiple files are
specified.
-H If the -r or -R option is specified and a symbolic link referencing a file of
type directory is specified on the command line, grep will search the files of
the directory referenced by the symbolic link and all the files in the file
hierarchy below it.
-i Ignores the case (uppercase or lowercase) of letters when making
comparisons.
-l Lists just the names of files (once) which contain matching lines. Each file
name is separated by a new-line character. If standard input is searched, a
path name of (StandardInput) is returned. The -l flag with any
combination of the -c and -n flags behaves like the -l flag only.
-L If the -r or -R option is specified and a symbolic link referencing a file of
type directory is specified on the command line or encountered during the
traversal of a file hierarchy, grep shall search the files of the directory
referenced by the symbolic link and all the files in the file hierarchy below
it. If both -H and -L are specified, the last option specified on the command
line takes effect.
-n Precedes each line with the relative line number in the file. Each file starts
at line 1, and the line counter is reset for each file processed.
-p[Separator] Displays the entire paragraph containing matched lines. Paragraphs are
delimited by paragraph separators, as specified by the Separator
parameter, which are patterns in the same form as the search pattern.
Lines containing the paragraph separators are used only as separators; they
are never included in the output. The default paragraph separator is a
blank line.
-q Suppresses all writing to standard output, regardless of matching lines.
Exits with a zero status if an input line is selected. The -q flag with any
combination of the -c, -l and -n flags behaves like the -q flag only.
-r Searches directories recursively. By default, links to directories are
followed.
-R Searches directories recursively. By default, links to directories are not
followed.
-s Suppresses error messages ordinarily written for nonexistent or unreadable
files. Other error messages are not suppressed.
-u Causes output to be unbuffered.
-v Displays all lines not matching the specified pattern.
-w Does a word search.
-x Displays lines that match the specified pattern exactly with no additional
characters.
-y Ignores the case of letters when making comparisons.
PatternList Specifies one or more patterns to be used during the search. The patterns
are treated as if they were specified using the -e flag.
File Specifies a name of a file to be searched for patterns. If no File variable is
given, the standard input is used.

Exit Status

This command returns the following exit values:


Item Description
0 A match was found.
1 No match was found.
>1 A syntax error was found or a file was inaccessible (even if matches were found).

Examples

1. To use a pattern that contains some of the pattern-matching characters *, ^, ?, [, ], \(, \), \{, and
\}, enter:
grep "^[a-zA-Z]" pgm.s

This displays every line in pgm.s whose first character is a letter.


2. To display all lines that do not match a pattern, enter:

grep -v "^#" pgm.s

This displays every line in pgm.s whose first character is not a # (pound sign).
3. To display all lines in the file1 file that match either the abc or xyz string, enter:

grep -E "abc|xyz" file1

4. To search for a $ (dollar sign) in the file named test2, enter:


grep \\$ test2

The \\ (double backslash) characters are necessary in order to force the shell to pass a \$
(single backslash, dollar sign) to the grep command. The \ (single backslash) character tells the
grep command to treat the following character (in this example the $) as a literal character
rather than an expression character. Use the fgrep command to avoid the necessity of using
escape characters such as the backslash.
5. To search recursively through /tmp to find files which have the word IBM without recursing
through links pointing to directories, type:
grep -R IBM /tmp

OR
grep -r -H IBM /tmp

6. To search recursively through /tmp to find files which have the word IBM and recurse through
links as well, type:
grep -r IBM /tmp

OR
grep -R -L IBM /tmp
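The exit-status table and the -F, -e, -q and -s flags above are what make grep usable as a check rather than just a search. The following is an added example, not part of the grep manual page: a small sshd_config audit in POSIX shell that keeps the three exit values apart (0 match, 1 no match, >1 error) and uses -F and -e so that a literal search string cannot be misread as a regular expression or as a flag. The configuration file content is constructed for the example and is not taken from any real host.

```sh
#!/bin/sh
# Added example (not part of the grep manual page above): the exit status
# (0 match, 1 no match, >1 error) and the -F, -e, -q and -s flags used in a
# small configuration audit. The sshd_config content below is constructed
# for the example; it is not taken from any real host.
set -u

# Write the constructed sample configuration to the path given as $1.
make_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config (not a real host's configuration)
Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
  X11Forwarding   no
Match Address 10.0.0.0/8
EOF
}

# Exit 0 if the directive is set to "yes", 1 if it is not, >1 if the file
# could not be read. -E gives extended regex syntax, -i matches the keyword
# case-insensitively (sshd keywords are), -q prints nothing, -s silences the
# "No such file" message, and -- stops option parsing before the file name.
# The pattern skips leading blanks, requires the keyword at the start of the
# line (so "#PermitRootLogin no" does not count) and a whole-word "yes"
# after it. grep's status is returned unchanged so callers can tell
# "not set" (1) from "could not check" (2).
directive_is_yes() {
    _file=$1; _key=$2
    grep -E -i -q -s '^[[:space:]]*'"$_key"'[[:space:]]+yes([[:space:]]|$)' -- "$_file"
}

# Count lines containing a literal string. -F stops grep from interpreting
# regex metacharacters ($, *, [, ., /) in the string, and -e lets the string
# begin with "-" without being read as a flag. grep exits 1 when the count
# is 0, which is not an error here, so only status 2 is propagated.
count_literal() {
    _file=$1; _literal=$2
    grep -F -c -e "$_literal" -- "$_file" && return 0
    [ $? -eq 1 ] && return 0
    return 2
}

# Audit three directives and print one finding per line. The three-way case
# is the point: an unreadable file is a failed check, not a pass, and
# collapsing status 2 into "no match" would report it as secure.
audit_sshd() {
    _file=$1
    for _key in PermitRootLogin PasswordAuthentication X11Forwarding; do
        directive_is_yes "$_file" "$_key" && _rc=0 || _rc=$?
        case $_rc in
            0) echo "$_key=yes (review)" ;;
            1) echo "$_key=no" ;;
            *) echo "$_key=unchecked (cannot read $_file)" ;;
        esac
    done
}

# Stand-alone run: write the sample, audit it, then show the literal search
# and what happens when the file is missing.
_cfg=${TMPDIR:-/tmp}/grep_example.$$
make_sample_config "$_cfg"
audit_sshd "$_cfg"
echo "literal 10.0.0.0/8 occurs $(count_literal "$_cfg" '10.0.0.0/8') time(s)"
echo "literal -rf occurs $(count_literal "$_cfg" '-rf') time(s)"
audit_sshd "$_cfg.missing"
rm -f "$_cfg"
```

Note that -s only silences the message: grep still exits with 2 for the missing file, which is why audit_sshd can report "unchecked" instead of "no".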

Question 6 Windows 2000 Server Management


Question Install and configure a Windows 2000 client
Answer
Configuring Windows 2000 for Client-Server Mode

Step 1: Create a Windows username prtracker


The steps for creating a Windows user depend on whether the computer acting as the PR-Tracker server is
a domain controller or not. If you don't know if the server is a domain controller, click the start menu and
check the popup menu for Programs | Administrative Tools | Active Directory Users and Computers.
If that menu item exists, the server is a domain controller. Using a server that is not a domain controller
is recommended for better security.
Creating a domain user on Windows 2000 (server is a domain controller)
Creating a local user on Windows 2000 (server is not a domain controller)
Step 2: Configure PRTRACK.DLL under component services

1. From the Windows Start menu select Programs | Administrative Tools | Component Services
2. In the Component Services dialog, navigate down to My Computer | COM+ Applications
3. Right click COM+ Applications and select New | Application from the popup menu.
4. Press Next on the COM Application Install Wizard and then Create an Empty Application
5. In the dialog to Create Empty Application , enter PR-Tracker for the application name and select
option Server Application. Click Next.
6. To Set Application Identity choose option This User and enter prtracker for the username. Enter
the password you gave PR-Tracker in Step 1 and click Next and then Finish.
7. In the Component Services dialog, navigate down to PR-Tracker | Components. Right click
Components and from the popup menu select New | Component. This will start the COM
Component Install Wizard.
8. From the COM Component Install Wizard click Next and Install New Component.
9. In the Select Files to Install dialog find PRTRACK.DLL and double click it.
10. Press Next and then Finish and then close Component Services to complete the configuration.

Step 3: Share the NETSETUP folder with share name PRTRACKER


By default, the NETSETUP folder is installed at C:\Program Files\PR-
Tracker\PRTRACKERDB\NETSETUP. Using Explorer, locate the folder for NETSETUP and right
click on the folder. Select Sharing... from the popup menu (if you don't see Sharing..., you need to
log in as an administrator). Share the folder with share name PRTRACKER and set permissions so that
only the intended users have read access.
Step 4: Optionally configure SQL SERVER
This step is only necessary if you plan to use SQL Server as the database provider. By default PR-Tracker
stores the database in Access 2000 format. PR-Tracker installs all the components required to use Access
2000 as the database provider, but if you want to use SQL Server as the database provider, the computer
acting as the PR-Tracker server must have SQL server installed and SQL Server must be configured to
work with PR-Tracker. See Configuring SQL Server.
Question 2 Install and configure Windows 2000 Server
Answers

The Domain Name System (DNS) is the Active Directory locator in Windows 2000. Active Directory
clients and client tools use DNS to locate domain controllers for administration and logon. You must have
a DNS server installed and configured for Active Directory and the associated client software to function
correctly. This article guides you through the required DNS configuration.
Install Microsoft DNS Server
1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs.
3. Click Add and Remove Windows Components.
4. The Windows Components Wizard starts. Click Next.
5. Click Networking Services, and then click Details.
6. Click to select the Domain Name System (DNS) check box, and then click OK.
7. Click OK to start server Setup. The DNS server and tool files are copied to your computer.
8. Continue to the next step to configure the DNS server.
Configure the DNS Server Using DNS Manager
These steps guide you through configuring DNS by using the DNS Manager snap-in in Microsoft
Management Console (MMC).
1. Click Start, point to Programs, point to Administrative Tools, and then click DNS Manager. You
see two zones under your computer name: Forward Lookup Zone and Reverse Lookup Zone.
2. The DNS Server Configuration Wizard starts. Click Next.
3. If the Wizard does not auto-start, right-click your server name object in the DNS Manager
console and choose Configure your Server.
4. Choose to add a forward lookup zone. Click Next. The new forward lookup zone must be a
primary zone so that it can accept dynamic updates. Click Primary, and then click Next.

5. The zone name must be exactly the same as your Active Directory Domain name, or, if on a
stand-alone or workgroup environment - the same as the suffix for all of the network computers
that are to register with this DNS server. Type the name of the zone, and then click Next.

6. Accept the default name for the new zone file. Click Next.

7. Choose to add a reverse lookup zone now. Click Next.

8. Click Primary, and then click Next.


9. Type the name of the zone, and then click Next. The zone name should match the Network ID of
your local subnet. For example, if your subnet range is from 192.168.0.1 to 192.168.0.254, type
192.168.0 in the name value.

10. Accept the default name for the new zone file. Click Next.

11. Click Finish to complete the Server Configuration Wizard.

After the Server Configuration Wizard is finished, DNS Manager starts. Proceed to the next step to enable
dynamic update on the zone you just added.
Enable Dynamic Update on the Forward and Reverse Lookup Zones (Optional - Recommended)
1. In DNS Manager, expand the DNS Server object.
2. Expand the Forward Lookup Zones folder.
3. Right-click the zone you created, and then click Properties.
4. On the General tab, set Allow dynamic updates? to Yes (or, for an Active Directory-integrated zone, to
Only secure updates), and then click OK to accept the change. A standard primary zone set to Yes accepts
registrations from any host that can reach the server, so any such host can add or overwrite records;
Only secure updates limits this to authenticated domain members through GSS-TSIG and is the setting to
prefer wherever the zone is Active Directory-integrated.

5. Do the same for the Reverse Lookup Zone.
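Whether a zone really refuses unauthenticated updates is easy to test from any host with the BIND tools. The following is an added example, not part of the Microsoft article above: a POSIX shell probe that uses nsupdate and dig to try an unauthenticated dynamic update of a canary record, verifies it with a query, and removes it again. The server address 192.168.0.1, the zone example.local and the canary name are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the Microsoft article above): check whether a zone
# whose dynamic-update setting is "Yes" accepts an update from an
# unauthenticated host. Needs BIND's nsupdate and dig. Server, zone and
# canary name are assumptions used for illustration only.

# Build the nsupdate transaction. "prereq nxdomain" makes the server reject
# the whole update if a record with the canary name already exists, so the
# probe can never overwrite a real record.
build_probe() {
    _server=$1; _zone=$2; _canary=$3; _addr=$4
    printf 'server %s\nzone %s\nprereq nxdomain %s\nupdate add %s 60 A %s\nsend\n' \
        "$_server" "$_zone" "$_canary.$_zone" "$_canary.$_zone" "$_addr"
}

# Matching cleanup transaction so the probe leaves nothing behind.
build_cleanup() {
    _server=$1; _zone=$2; _canary=$3
    printf 'server %s\nzone %s\nupdate delete %s A\nsend\n' \
        "$_server" "$_zone" "$_canary.$_zone"
}

# Run the probe. Exit 0 if the unauthenticated update was accepted (the zone
# can be tampered with from this host), 1 if it was refused, 2 if the tools
# are missing. The result is judged by querying the record back rather than
# by nsupdate's exit status, so it does not depend on tool versions.
probe_dynamic_update() {
    _server=$1; _zone=$2; _canary=${3:-dynupd-probe-$$}
    command -v nsupdate >/dev/null 2>&1 || return 2
    command -v dig >/dev/null 2>&1 || return 2
    build_probe "$_server" "$_zone" "$_canary" 127.0.0.1 | nsupdate >/dev/null 2>&1 || :
    _got=$(dig +short "@$_server" "$_canary.$_zone" A 2>/dev/null) || _got=
    if [ "$_got" = 127.0.0.1 ]; then
        build_cleanup "$_server" "$_zone" "$_canary" | nsupdate >/dev/null 2>&1 || :
        return 0
    fi
    return 1
}

# Stand-alone run prints the transaction it would send; point
# probe_dynamic_update at your own server and zone to actually test.
build_probe 192.168.0.1 example.local dynupd-probe 127.0.0.1
```

If probe_dynamic_update returns 0 against a zone you believed was protected, the zone is either a standard primary with updates set to Yes or is being served by a secondary that forwards updates to such a primary; with Only secure updates the same transaction fails because it carries no GSS-TSIG signature.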

Enable DNS Forwarding for Internet connections


1. Click Start, point to Programs, point to Administrative Tools, and then click DNS to start the
DNS Management Console.
2. Right click the DNS Server object for your server in the left pane of the console, and click
Properties.

3. Click the Forwarders tab.


4. Check the Enable forwarders check-box.
5. In the IP address box enter the IP address of the DNS servers you want to forward queries to -
typically the DNS server of your ISP. You can also move them up or down. The one that is
highest in the list gets the first try, and if it does not respond within a given time limit - the query
will be forwarded to the next server in the list.

Question Install and configure the DHCP Server service.


Answer Before you can configure the DHCP service, you must install it on the server. DHCP is not
installed by default during a typical installation of Windows Server 2003, Standard Edition or
Enterprise Edition. You can install DHCP either during the initial installation of Windows Server
2003 or after the initial installation is completed.

How to Install the DHCP Service on an Existing Server

1. Click Start, point to Control Panel, and then click Add or Remove Programs.
2. In the Add or Remove Programs dialog box, click Add/Remove Windows Components.
3. In the Windows Components Wizard, click Networking Services in the Components list, and
then click Details.
4. In the Networking Services dialog box, click to select the Dynamic Host Configuration Protocol
(DHCP) check box, and then click OK.
5. In the Windows Components Wizard, click Next to start Setup. Insert the Windows Server 2003
CD-ROM into the computer's CD-ROM or DVD-ROM drive if you are prompted to do so. Setup
copies the DHCP server and tool files to your computer.
6. When Setup is completed, click Finish.

How to Configure the DHCP Service

After you have installed the DHCP service and started it, you must create a scope, which is a range of
valid IP addresses that are available for lease to the DHCP client computers on the network. Microsoft
recommends that each DHCP server in your environment have at least one scope that does not overlap
with any other DHCP server scope in your environment. In Windows Server 2003, a DHCP server in an
Active Directory-based domain must be authorized in Active Directory before it will serve clients; this is
what prevents rogue DHCP servers from coming online. A Windows Server 2003 DHCP server that determines
it is unauthorized will not manage clients.

The DHCP Server Is Unavailable


If a DHCP server does not provide leased addresses to clients, it is frequently because the DHCP service
did not start. If this is the case, the server may not be authorized to operate on the network. If you were
previously able to start the DHCP service, but it has since stopped, use Event Viewer to check the System
log for any entries that may explain why you cannot start the DHCP service.

To restart the DHCP service:


1. Click Start, and then click Run.
2. Type cmd, and then press ENTER.
3. Type net start dhcpserver, and then press ENTER.
-or-
1. Click Start, point to Control Panel, point to Administrative Tools, and then click Computer
Management.
2. Expand Services and Applications, and then click Services.
3. Locate and then double-click DHCP Server.
4. Verify that Startup is set to Automatic and that Service Status is set to Started. If not, click
Start.
5. Click OK, and then close the Computer Management window.

Installing and Configuring DHCP

If you have worked with Windows NT at all, you are probably familiar with Dynamic Host Configuration
Protocol (DHCP) — a server service that enables the server to dynamically assign IP addresses to
network clients. Because Windows 2000 networking has TCP/IP as its foundation, DHCP also plays an
important role in Windows 2000 networks.

For the exam, you need to know how to install and configure DHCP on a Windows 2000 server, as well
as how to manage its operations.

Installing DHCP
As with other networking components in Windows 2000 Server, you can install DHCP in either of two
ways:
 Using Add/Remove Programs in the Control Panel
 Using the Configure Your Server tool

Like most other Windows 2000 components, DHCP functions as a Microsoft Management Console
(MMC) snap-in. After you install DHCP, you must configure the service for operation.
To open the DHCP Manager, click Start --> Programs --> Administrative Tools --> DHCP. The right
pane within the snap-in tells you that you must configure the service.
DHCP does not begin leasing IP addresses and it is not functional until an administrator configures it.
Question 5 Configuring a Windows 2000 client to use DHCP, DNS and WINS.

Configure Windows 2000 client to use DHCP, DNS and WINS?

Best Answer
ravi s answered 6 years ago
Please specify the question neatly and meaningfully.

Steps 1 to 12: screenshots only (no text was captured for these steps).

Question 6 Configuring a Windows client as a VPN client


Answer
Question Install and configure Microsoft Certificate Server
Answer Microsoft Certificate Services can be installed on the domain controller on the internal network
and issue certificates to hosts within the internal network domain, as well as to hosts that are not members
of the Internal network domain. We will use certificates in a variety of configuration scenarios in this ISA
Server 2004 Configuration Guide series, including to accomplish the following:

 Allow the ISA Server 2004 firewall to use the L2TP/IPSec VPN protocol for a site-to-site VPN
link
 Allow the ISA Server 2004 firewall to use the L2TP/IPSec VPN protocol for a VPN client
connection from a remote access VPN client
 Enable remote users to access the Outlook Web Access site using highly secure SSL-to-SSL
bridged connections
 Publish secure Exchange SMTP and POP3 services to the Internet
The certificates enable us to use SSL/TLS security. SSL (Secure Sockets Layer), now superseded by its
successor TLS (Transport Layer Security), encrypts data moving between the client and server machines
and is the standard way of providing secure remote access to Web sites. In addition, certificates can be
used to confirm the identity of VPN clients and servers so that mutual machine authentication can be
performed.
In this document we will discuss the following procedures:
 Installing Internet Information Services 6.0 to support the Certificate Authority’s Web enrollment
site
 Installing Microsoft Certificate Services in Enterprise CA mode
Install Internet Information Services 6.0
The Certificate Authority’s Web enrollment site uses the Internet Information Services World Wide
Publishing Service. Because Exchange 2003 has already been installed on this machine, we will not need
to manually install the IIS Web services. The Exchange 2003 setup routine requires that you install the IIS
Web services so that the Outlook Web Access site functions properly. However, you should confirm that
the WWW Publishing Service is enabled before starting installation of the Enterprise CA.
Perform the following steps to confirm that the WWW Publishing Service is running on the domain
controller:
1. Click Start and point to Administrative Tools. Click Services.
2. In the Services console, click the Standard tab in the right pane. Scroll down to the bottom of the
list and find the World Wide Web Publishing Service entry. Double-click that entry.
3. In the World Wide Web Publishing Server Properties dialog box, confirm that the Startup
type is set to Automatic, and that the Service status is Started.

4. Click Cancel and close the Services console.


Now that we’ve confirmed that the WWW Publishing Service is started, the next step is to install the
Enterprise CA software.
Install Microsoft Certificate Services in Enterprise CA Mode
Microsoft Certificate Services will be installed in Enterprise CA mode on the domain controller. There
are several advantages to installing the CA in enterprise mode versus stand-alone mode. These include:
 The root CA certificate is automatically entered into the Trusted Root Certification Authorities
certificate store on all domain member machines
 You can use the Certificates MMC snap-in to easily request a certificate. This greatly simplifies
requesting machine and Web site certificates
 All machines can be assigned certificates using the Active Directory autoenrollment feature
 All domain users can be assigned user certificates using the Active Directory autoenrollment
feature
Note that you do not need to install the CA in enterprise mode. You can install the CA in stand-alone
mode, but we will not cover the procedures involved with installing the CA in stand-alone mode or how
to obtain a certificate from a stand-alone CA in this ISA Server 2004 Configuration Guide series.
Perform the following steps to install the Enterprise CA on the EXCHANGE2003BE domain controller
computer:

1. Click Start, and then point to Control Panel. Click Add or Remove Programs.
2. In the Add or Remove Programs window, click the Add/Remove Windows Components
button on the left side of the window.
3. On the Windows Components page, scroll through the list and put a check mark in the
Certificate Services check box. A Microsoft Certificate Services dialog box warns that you cannot
change the name of the machine or its domain membership while it is acting as a CA; click Yes to
continue.
4. Click Next on the Windows Components page.
5. On the CA Type page, select the Enterprise root CA option and click Next.

6. On the CA Identifying Information page, enter a name for the CA in the Common name for
this CA text box. This should be the DNS host name for the domain controller. Ideally, you will
have configured a split DNS infrastructure and this name will be accessible from internal and
external locations, so that external hosts will be able to check the certificate revocation list. We
will not cover the issue of a split DNS infrastructure in this document. You can find more
information about designing and configuring a split DNS infrastructure in the ISA Server 2000
Branch Office Kit document “DNS Considerations for ISA Server 2000 Branch Office Networks”
at http://www.tacteam.net/isaserverorg/isabokit/9dnssupport/9dnssupport.htm. In this example we
will enter the domain controller's NetBIOS name, EXCHANGE2003BE. Click Next.

7. If the same machine had been configured as a CA in the past, you will be presented with a dialog
box asking if you want to overwrite the existing key. If you have already deployed certificates to
hosts on your network, then do not overwrite the current key. If you have not yet deployed
certificates to hosts on your network, then choose to overwrite the existing key. In this example,
we have not previously installed a CA on this machine and we do not see this dialog box.
8. In the Certificate Database Settings page, use the default locations for the Certificate Database
and Certificate database log text boxes. Click Next.
9. Click Yes in the Microsoft Certificate Services dialog box informing you that Internet
Information Services must be restarted. Click Yes to stop the service. The service will be
restarted for you automatically.
10. Click OK in the Insert Disk dialog box. In the Files Needed dialog box, enter the path to the
i386 folder in the Copy file from text box and click OK.
11. Click Finish on the Completing the Windows Components Wizard page.
12. Close the Add or Remove Programs window.
At this point, the Enterprise CA is able to issue certificates to machines through autoenrollment, the
Certificates MMC snap-in, or through the Web enrollment site. Later in this ISA Server 2004 Getting
Started Guide series, we will issue a Web site certificate to the OWA Web site and also issue machine
certificates to the ISA Server 2004 firewall computer and to an external VPN client and VPN gateway
(VPN router) machine.

Session 7 Windows 2000 Advanced Networking


Question Implement different groups in a workgroup and in a domain also.
Question 5 Install the RIP and OSPF protocols.

Answer Installing RIP and OSPF

1. Open the RRAS MMC console by selecting Start > Administrative Tools > Routing
And Remote Access.

Answer

Introduction

Printing is managed on Mageia by a server named CUPS. It has its own configuration interface, reachable
through a web browser (by default at http://localhost:631), but Mageia offers its own tool for installing
printers, called system-config-printer, which is shared with other distributions such as Fedora, Mandriva,
Ubuntu and openSUSE. You should enable the non-free repository before proceeding with the installation,
because some drivers may only be available that way.
Printer installation is carried out in the Hardware section of the Mageia Control Centre. Select the
Configure printing and scanning tool.
MCC will ask to install two packages:
task-printing-server
task-printing-hp
It is necessary to accept this installation to continue. Up to 230MB of dependencies are needed.
To add a printer, choose the "Add" printer button. The system will try to detect any printers and the ports
available. The screenshot displays a printer connected to a parallel port. If a printer is detected, such as a
printer on a USB port, it will be displayed on the first line. The window will also attempt to configure a
network printer.

Automatically detected printer

This usually refers to USB printers. The utility automatically finds the name of the printer and displays it.
Select the printer and then click "Next". If there is a known driver associated for the printer, it will be
automatically installed. If there is more than one driver or no known drivers, a window will ask you to
select or furnish one, as explained in the next paragraph. Continue with the section called “Complete the
installation process”

No automatically detected printer

When you select a port, the system loads a driver list and displays a window to select a driver. The choice
can be made through one of the following options.
 Select printer from database
 provide PPD file
 search for a driver to download
By selecting from the database, the window suggests a printer manufacturer first, and then a device and a
driver associated with it. If more than one driver is suggested, select the one which is recommended, unless
you have encountered problems with it before; in that case select the one you know to work.

The other protocols are:


 Internet Printing Protocol (ipp): a printer which can be accessed on a TCP/IP network via the IPP
protocol, for example a printer connected to a station using CUPS. This protocol may also be
used by some ADSL routers.
 Internet Printing Protocol (https): the same as ipp, but carried over HTTP with TLS. The port has
to be defined; by default, port 631 is used.

 Internet Printing Protocol (ipps): the same as ipp, but with TLS secured protocol.
 LPD/LPR host or Printer: a printer which can be accessed on a TCP/IP network via the LPD
protocol, for example a printer connected to a station using LPD.
 Windows printer via SAMBA: a printer connected to a station running Windows or a SMB server
and shared.
The URI can also be added directly. Here are some examples on how to form the URI:
 Appsocket
socket://ip-address-or-hostname:port
 Internet Printing Protocol (IPP)
ipp://ip-address-or-hostname:port-number/resource
http://ip-address-or-hostname:port-number/resource
 Line Printer Daemon (LPD) Protocol
lpd://username@ip-address-or-hostname/queue
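Of the URI forms above, only ipps:// and https:// carry the job over TLS; socket://, ipp://, http:// and lpd:// send documents (and, for lpd://, the username in the URI) in the clear. The following is an added example, not part of the Mageia documentation: a POSIX shell classifier that parses a device URI into scheme, host, port and transport, applies the CUPS default ports, and refuses plaintext or credential-bearing URIs before an lpadmin command is built. The host names and addresses in it are constructed.

```sh
#!/bin/sh
# Added example, not part of the Mageia documentation above: classify a CUPS
# device URI before passing it to lpadmin, so that a queue is not created over
# a plaintext transport, or with a username embedded in the URI, without the
# administrator noticing. Host names and addresses below are constructed.

# Print "scheme host port transport" for a device URI of one of the kinds
# listed above; exit 1 for anything else. Default ports are those CUPS uses:
# 631 for ipp/ipps/http/https, 9100 for AppSocket, 515 for LPD. IPv6
# literals in brackets are not handled.
classify_printer_uri() {
    _uri=$1
    _scheme=${_uri%%://*}
    [ "$_scheme" != "$_uri" ] || return 1          # no "://" present
    _rest=${_uri#*://}
    _authority=${_rest%%/*}                        # userinfo@host:port
    _cred=
    case $_authority in
        *@*) _cred=${_authority%%@*}; _authority=${_authority#*@} ;;
    esac
    _host=${_authority%%:*}
    _port=${_authority#*:}
    [ "$_port" != "$_authority" ] || _port=
    case $_scheme in
        ipps|https) _transport=tls;       _default=631 ;;
        ipp|http)   _transport=plaintext; _default=631 ;;
        socket)     _transport=plaintext; _default=9100 ;;
        lpd)        _transport=plaintext; _default=515 ;;
        *)          return 1 ;;
    esac
    [ -n "$_port" ] || _port=$_default
    [ -n "$_host" ] || return 1
    _note=
    [ -z "$_cred" ] || _note=" credentials-in-uri"
    echo "$_scheme $_host $_port $_transport$_note"
}

# Exit 0 if the URI is acceptable, 1 if rejected, 2 if it cannot be parsed.
# Plaintext transports are rejected unless the second argument is "yes"; a
# username in the URI is always rejected so that credentials are not stored
# as part of the queue definition.
vet_printer_uri() {
    _uri=$1; _allow_plain=${2:-no}
    _info=$(classify_printer_uri "$_uri") || { echo "error: cannot parse $_uri"; return 2; }
    case $_info in
        *credentials-in-uri) echo "reject: $_uri carries a username"; return 1 ;;
        *" plaintext")
            [ "$_allow_plain" = yes ] || { echo "reject: $_uri is unencrypted ($_info)"; return 1; } ;;
    esac
    echo "ok: $_info"
}

# Print the lpadmin command for a queue only when the URI passes vetting
# (printed rather than executed so the example has no side effects).
queue_command() {
    _name=$1; _uri=$2
    vet_printer_uri "$_uri" >/dev/null || return $?
    echo "lpadmin -p $_name -E -v $_uri"
}

for _u in 'ipps://print01.example.net/ipp/print' \
          'ipp://192.168.1.50:631/printers/lab' \
          'socket://192.168.1.51' \
          'lpd://alice@printsrv/lp' \
          'not-a-uri'; do
    vet_printer_uri "$_u" || :
done
queue_command lab-color 'ipps://print01.example.net/ipp/print'
```

Passing "yes" as the second argument of vet_printer_uri is the deliberate override for printers that only speak AppSocket or LPD; the point of making it explicit is that the decision to print in the clear is recorded in the script rather than taken by default.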

Question 4 Create a hierarchical tree.

Directory Tree

The directory tree represents the hierarchy of Active Directory objects for a given forest. The hierarchy
provides the basis both for using names for navigation and for defining the scope of search requests.
For every object in Active Directory, information is stored in the directory database that identifies
(references) the parent object; each object has exactly one parent. By virtue of these parent references, the
hierarchy of objects managed by Active Directory forms a tree structure in which the vertices are the
directory entries (class instances, or objects) and the connecting lines are the parent-child relationships
between the entries. The objects that populate the directory create this tree structure according to the rules
of the schema, which define what classes of objects are allowed to be created in which positions relative
to other objects. For example, the schema might dictate that a given class of object can be the child of one
class but not the child of another class.
The following are several architectural restrictions and requirements within the directory tree:
 Domain objects, which are containers, can be children only of other domain objects. For example,
a domain cannot be the child of an organizational unit.
 The root of the directory tree is called rootDSE , or directory root . RootDSE is an "imaginary"
object that has no hierarchical name or schema class, but it does have a set of attributes that
identify the contents of a given domain controller. Thus, rootDSE constitutes the root of the
directory tree from the perspective of the domain controller to which you are connected.
 Below the root of the tree, every directory has a root domain , which is the first domain created in
a forest. This domain always has a child container called Configuration, which contains
configuration data for the forest. The configuration data includes information about all services,
sites, and other domains (partitions) in the forest. The Configuration container has a child
container called Schema. The domain and the Configuration container, with its child Schema
container, represent the three default Active Directory directory partitions.
For more information about parent-child relationships, see "Active Directory Schema" and "Active
Directory Logical Structure" in this book.


RootDSE

The rootDSE (DSA-specific Entry) represents the top of the logical namespace for one domain
controller, and, therefore, it represents the top of the LDAP search tree. There is only one root for a
given directory, but the information stored in the root is specific to the domain controller to which you
connect. The attributes of rootDSE identify both the directory partitions (the domain, schema, and
configuration directory partitions) that are specific to one domain controller and the forest root domain
directory partition. Thus, the rootDSE provides a "table of contents" for a given domain controller.
The rootDSE publishes information about the LDAP server, including what LDAP versions it supports,
supported Simple Authentication and Security Layer (SASL) mechanisms, and supported controls, as
well as the distinguished name for its subschemaSubentry.
The following are the operational attributes on the rootDSE object. All LDAP servers recognize these
attribute names, but when the attribute corresponds to a feature that the server does not implement, the
attribute is absent.
subschemaSubentry The name of a subschema entry, which is used to administer information about
the schema; in particular, the object classes and attribute types that are supported. (For more information
about subschemaSubentry, see "Active Directory Schema" in this book.)
namingContexts Naming contexts (directory partitions) that this server masters (stores as a writable
replica) or shadows (stores as a read-only replica). This attribute allows a client to choose suitable base
objects for searching when the client has contacted a server.
supportedControl Object identifiers that identify the LDAP controls that the server supports. If the
server does not support any controls, this attribute is absent.
supportedSASLMechanisms The names of the SASL mechanisms that the server supports. SASL is a
standard for negotiating an authentication mechanism and (optionally) an encryption mechanism. If the
server does not support either type of mechanism, this attribute is absent.
supportedLDAPVersion The versions of LDAP that the server implements.
supportedExtension Object identifiers (known as "OIDs") that identify the extended operations that
the server supports. If the server does not support any extensions, this attribute is absent. This
attribute is absent by default for Active Directory servers.
altServer The values of this attribute are URLs of other servers that can be contacted when this server
becomes unavailable. If the server does not know of any other servers, this attribute is absent. This
attribute is absent by default for Active Directory servers.
In addition to the operational attributes described in the preceding paragraphs, Active Directory also
supports the following informational attributes:
currentTime. The current time in the generalized time format.
dsServiceName. NTDS settings.
defaultNamingContext. The default naming context (directory partition) for a particular server. This value
is the distinguished name of the domain directory partition for which this domain controller is
authoritative.
schemaNamingContext. The naming context (directory partition) for the forest schema.
configurationNamingContext. The naming context (directory partition) for the forest Configuration
container.
rootDomainNamingContext. The distinguished name for the domain naming context (directory partition)
that is the first domain that was created in this forest. This domain functions as the forest root domain.
supportedLDAPPolicies. Supported LDAP management policies.
highestCommittedUsn. Highest update sequence number (USN) committed to the database on this domain
controller. (For information about update sequence numbers, see "Active Directory Replication" in this
book.)
dnsHostName. The DNS name of this domain controller.
serverName. The fully qualified distinguished name for this domain controller.
supportedCapabilities. The object identifier value (1.2.840.113556.1.4.800) that indicates the additional
capabilities of an Active Directory server, such as dynamic update, integrated DNS zones, and LDAP
policies.
LdapServiceName. The service principal name for the LDAP server, which is used for mutual
authentication.
isSynchronized. Boolean indicator for whether the domain controller has completed its initial sync with
replica partners.
isGlobalCatalogReady. Boolean indicator for whether the domain controller is prepared to advertise
itself as a Global Catalog.
For more information about rootDSE and rootDSE attributes, see the Request for Comments (RFC) link
on the Web Resources page. Follow the links to RFC 2251 and RFC 2252.
You can use ADSI Edit or Ldp to see the contents of rootDSE for a given domain controller.
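As an added example (not part of the lab text or any Microsoft tool), the following Python reads a rootDSE dump in the "attribute: value" form that Ldp or ldifde display and summarises what the domain controller advertises about itself; the dump, the host name dc1.example.test and the placeholder forest example.test are constructed, and the classification of DIGEST-MD5 as a legacy mechanism is this example's own review judgment.

```python
"""Summarise a rootDSE dump (constructed sample below) the way a defender would read it.

Added example, not part of the lab text. The attribute names follow the text
above; the values are made up, and "dc1.example.test" is a placeholder.
"""
from typing import Dict, List

# Constructed rootDSE output in the "attribute: value" form Ldp or ldifde show.
SAMPLE_ROOTDSE = """\
currentTime: 20240101120000.0Z
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=example,DC=test
dsServiceName: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=example,DC=test
namingContexts: DC=example,DC=test
namingContexts: CN=Configuration,DC=example,DC=test
namingContexts: CN=Schema,CN=Configuration,DC=example,DC=test
defaultNamingContext: DC=example,DC=test
schemaNamingContext: CN=Schema,CN=Configuration,DC=example,DC=test
configurationNamingContext: CN=Configuration,DC=example,DC=test
rootDomainNamingContext: DC=example,DC=test
supportedLDAPVersion: 3
supportedLDAPVersion: 2
supportedLDAPPolicies: MaxPageSize
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
highestCommittedUsn: 12345
dnsHostName: dc1.example.test
ldapServiceName: example.test:dc1$@EXAMPLE.TEST
serverName: CN=DC1,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=example,DC=test
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: FALSE
"""

# Mechanisms that authenticate the server to the client through Kerberos.
KERBEROS_MECHS = {"GSSAPI", "GSS-SPNEGO"}
# Mechanisms a hardening review would flag (DIGEST-MD5 is Historic per RFC 6331).
LEGACY_MECHS = {"DIGEST-MD5"}


def parse_rootdse(dump: str) -> Dict[str, List[str]]:
    """Parse 'attribute: value' lines into a multi-valued map.

    LDAP attribute names are case-insensitive, so keys are lower-cased.
    Base64 ("::") values and folded lines do not occur in this sample.
    """
    attrs: Dict[str, List[str]] = {}
    for line in dump.splitlines():
        if not line.strip() or line.startswith("dn:"):
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def summarize_dc(attrs: Dict[str, List[str]]) -> Dict[str, object]:
    """Turn the raw attributes into the facts the text says rootDSE reveals."""
    def first(name: str, default: str = "") -> str:
        return attrs.get(name, [default])[0]

    held = set(attrs.get("namingcontexts", []))
    # The three default partitions (domain, schema, configuration) should all be held.
    expected = {first("defaultnamingcontext"), first("schemanamingcontext"),
                first("configurationnamingcontext")}
    mechs = set(attrs.get("supportedsaslmechanisms", []))
    return {
        "host": first("dnshostname"),
        # A DC whose domain partition is the forest root partition is a root-domain DC.
        "forest_root_dc": first("defaultnamingcontext") == first("rootdomainnamingcontext"),
        "missing_default_partitions": sorted(expected - held),
        "ldap_versions": sorted(int(v) for v in attrs.get("supportedldapversion", [])),
        "kerberos_sasl": bool(mechs & KERBEROS_MECHS),
        "legacy_sasl": sorted(mechs & LEGACY_MECHS),
        # Absent by default on Active Directory, as the text notes; presence is worth a look.
        "advertises_extensions": "supportedextension" in attrs,
        "synchronized": first("issynchronized", "FALSE").upper() == "TRUE",
        "gc_ready": first("isglobalcatalogready", "FALSE").upper() == "TRUE",
    }


if __name__ == "__main__":
    for key, value in summarize_dc(parse_rootdse(SAMPLE_ROOTDSE)).items():
        print(f"{key:28} {value}")
```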
Question 8 Install and configure TCP/IP in Windows 2000
Answer Setup installs TCP/IP by default if you have accepted the default Windows 2000 Professional
installation options. If you are upgrading to Windows 2000 Professional, however, Setup replaces your
existing network configuration.
If your original Windows installation included a third-party TCP/IP protocol stack, Setup replaces the
existing TCP/IP protocol. If there are features that are required by your third-party stack, you must
determine whether they are supported by Windows 2000 TCP/IP. If these features are required, you must
install the third-party stack by using the installation tool provided by your network vendor.
To install Windows 2000 TCP/IP after Windows 2000 Professional Setup
1. In Control Panel, double-click Network and Dial-up Connections .
2. Right-click the connection you want to modify.
3. Select Properties .
4. On the General tab, click Install .
5. Select Protocol .
6. Click Add .
7. In Network Protocol, select TCP/IP and click OK.
8. When prompted, click Yes to restart the computer.

Question Configure a DNS server and find out how it reduces the network traffic
Answer A caching-only DNS server reduces outgoing DNS traffic and speeds up name resolution. It
receives queries from clients, performs the queries against other name servers, caches the results, and
returns those results to the client. In this Windows 2000 Server tip, Jim Boyce tells you how to configure
a caching-only DNS forwarder.
If you want to reduce network traffic for DNS and improve DNS lookup, one solution is to create a
caching DNS forwarder on your network. A caching-only DNS server receives queries from clients,
performs the queries against other name servers, caches the results, and returns those results to the client.
It then returns subsequent queries for the specified host from the cache instead of submitting them to an
external server. This reduces outgoing DNS traffic and speeds up name resolution.
You can set up a caching-only server by configuring the DNS service with one or more forwarders, which
are upstream DNS servers to which the local DNS server will forward queries (essentially acting as a
DNS client).
You can configure the DNS service to work with forwarders either nonexclusively or exclusively. In
nonexclusive mode, the DNS server checks its cache for the host. If the lookup fails, it forwards the query
to the specified forwarder. If that query fails, the DNS server attempts to resolve the query on its own
through the root servers.
In exclusive mode, the DNS service also checks its cache. If the lookup fails, it forwards the query to the
forwarder.
If the upstream servers fail the query, the DNS server doesn't attempt resolution on its own; instead, it
fails the query to the client. A DNS server acting in exclusive mode with a forwarder is a caching-only
slave.
To configure forwarding, follow these steps:
1. Open the DNS console, right-click the server, and choose Properties.
2. On the Forwarders tab, choose Enable Forwarders, and add the IP addresses of the upstream DNS
servers to which you want to forward queries.
3. If you want the DNS service to work in exclusive mode, select the Do Not Use Recursion option.
4. Click OK to apply the change.
Keep in mind that restarting the server will clear the DNS cache, so a caching-only server works best
when it's been running for an extended period of time.
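The resolution order described above (cache, then forwarders, then the root servers only in nonexclusive mode) as an added example that is not part of the original tip: the upstream servers are constructed stand-ins with static answer tables, the addresses are from the 192.0.2.0/24 documentation range, and the query counters show how much outgoing traffic the cache avoids.

```python
"""Model of the caching-only forwarder described above: cache first, then forwarders,
then (nonexclusive mode only) the root servers. Added example; the upstream servers
and addresses are constructed stand-ins, not real DNS.
"""
from typing import Dict, List, Optional


class Upstream:
    """Constructed forwarder or root server: a static answer table plus a query counter."""

    def __init__(self, name: str, answers: Dict[str, str], online: bool = True) -> None:
        self.name = name
        self.answers = answers
        self.online = online
        self.queries = 0  # outgoing DNS traffic this server has received from us

    def query(self, host: str) -> Optional[str]:
        self.queries += 1
        if not self.online:
            raise ConnectionError(f"{self.name} unreachable")
        return self.answers.get(host)  # None models a failed lookup


class CachingForwarder:
    """Caching-only DNS server configured with forwarders, exclusive or nonexclusive."""

    def __init__(self, forwarders: List[Upstream], roots: List[Upstream], exclusive: bool) -> None:
        self.forwarders = forwarders
        self.roots = roots
        self.exclusive = exclusive  # True = "Do Not Use Recursion" (caching-only slave)
        self.cache: Dict[str, str] = {}

    def restart(self) -> None:
        """Restarting the service empties the cache, as the text warns."""
        self.cache.clear()

    @staticmethod
    def _ask(servers: List[Upstream], host: str) -> Optional[str]:
        for server in servers:
            try:
                answer = server.query(host)
            except ConnectionError:
                continue  # try the next server in the list
            if answer is not None:
                return answer
        return None

    def resolve(self, host: str) -> Optional[str]:
        if host in self.cache:
            return self.cache[host]  # answered locally: no outgoing traffic
        answer = self._ask(self.forwarders, host)
        if answer is None and not self.exclusive:
            # Nonexclusive mode: fall back to resolving via the root servers.
            # (Simplified: the root stand-in answers directly instead of referring.)
            answer = self._ask(self.roots, host)
        if answer is not None:
            self.cache[host] = answer
        return answer  # None in exclusive mode means the query is failed to the client


def traffic_saved(server: CachingForwarder, host: str, repeats: int) -> int:
    """Resolve `host` `repeats` times and return how many upstream queries were avoided."""
    before = sum(u.queries for u in server.forwarders + server.roots)
    for _ in range(repeats):
        server.resolve(host)
    sent = sum(u.queries for u in server.forwarders + server.roots) - before
    return repeats - sent


if __name__ == "__main__":
    fwd = Upstream("forwarder", {"www.example.test": "192.0.2.10"})
    root = Upstream("root", {"www.example.test": "192.0.2.10"})
    srv = CachingForwarder([fwd], [root], exclusive=False)
    print("upstream queries avoided:", traffic_saved(srv, "www.example.test", 5))  # 4
```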

Question Configure a DNS server as a root name server

Answer Follow these steps to configure root hints for Windows 2000 Server.
Root hints are name and address pairs that enable a DNS server to locate root DNS servers. They help
resolve DNS queries for hosts in domains for which the server is not an authority. During a new DNS
server installation, Windows Server uses the Cache.dns file stored in %systemroot%\System32\DNS to
implement root hints.
If you originally set up a DNS server for internal queries only, it's possible that the root hints in your
server are empty or that someone has modified them to point to internal servers. If you now want the DNS
server to resolve queries for external hosts, it's important to ensure that the server has a valid set of root
hints.
To configure root hints for the server, follow these steps:
1. Ensure that you've configured the server to use an upstream DNS server capable of resolving
external hosts.
2. Open the DNS console from the Administrative Tools folder.
3. In the left pane, right-click the server in question, and choose Properties.
4. On the Root Hints tab, select the first server in the Name Servers list, and click Edit.
5. Click Resolve to resolve the host name to its IP address, and click OK. You can also manually
enter the IP address for the target server.
6. Repeat the process for the remaining root servers, and add others if necessary.
7. When you've finished, close all dialog boxes.

Question 11 Implement delegated zones for a Domain Name Server

Answer Delegating zones

DNS provides the option of dividing up the namespace into one or more zones, which can then be stored,
distributed, and replicated to other DNS servers. When deciding whether to divide your DNS namespace
to make additional zones, consider the following reasons to use additional zones:


 A need to delegate management of part of your DNS namespace to another location or
department within your organization.
 A need to divide one large zone into smaller zones for distributing traffic loads among multiple
servers, improve DNS name resolution performance, or create a more fault-tolerant DNS
environment.
 A need to extend the namespace by adding numerous subdomains at once, such as to
accommodate the opening of a new branch or site.

If, for any of these reasons, you could benefit from delegating zones, it might make sense to restructure
your namespace by adding additional zones. When choosing how to structure zones, you should use a
plan that reflects the structure of your organization.
When delegating zones within your namespace, be aware that for each new zone you create, you will
need delegation records in other zones that point to the authoritative DNS servers for the new zone. This
is necessary both to transfer authority and to provide correct referral to other DNS servers and clients of
the new servers being made authoritative for the new zone.
When a standard primary zone is first created, it is stored as a text file containing all resource record
information on a single DNS server. This server acts as the primary master for the zone. Zone information
can be replicated to other DNS servers to improve fault tolerance and server performance.
When structuring your zones, there are several good reasons to use additional DNS servers for zone
replication:

1. Added DNS servers provide zone redundancy, enabling DNS names in the zone to be resolved
for clients if a primary server for the zone stops responding.
2. Added DNS servers can be placed so as to reduce DNS network traffic. For example, adding a
DNS server to the opposing side of a low-speed WAN link can be useful in managing and
reducing network traffic.
3. Additional secondary servers can be used to reduce loads on a primary server for a zone.

Example: Delegating a subdomain to a new zone

As shown in the following figure, when a new zone for a subdomain (example.microsoft.com) is created,
delegation from the parent zone (microsoft.com) is needed.


In this example, an authoritative DNS server computer for the newly delegated example.microsoft.com
subdomain is named based on a derivative subdomain included in the new zone
(ns1.us.example.microsoft.com). To make this server known to others outside of the new delegated zone,
two RRs are needed in the microsoft.com zone to complete delegation to the new zone.
These RRs include:

 An NS RR to effect the delegation. This RR is used to advertise that the server named
ns1.us.example.microsoft.com is an authoritative server for the delegated subdomain.
 An A RR (also known as a glue record) is needed to resolve the name of the server specified in
the NS RR to its IP address. The process of resolving the host name in this RR to the delegated
DNS server in the NS RR is sometimes referred to as glue chasing.
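The NS-plus-glue delegation from the example above, as an added checker that is not part of the original text: it reports the NS records delegating a child zone and any in-zone name server that lacks a glue A record, and resolves each name server's address from the glue (the "glue chasing" the text mentions). It also covers the case the example does not show, a name server whose name lies outside the delegated zone, which needs no glue. The record set is constructed and the addresses are placeholders.

```python
"""Check that a parent zone carries the NS and glue A records a delegation needs,
and resolve a delegated name server's address ("glue chasing"). Added example;
the record set is constructed and 192.0.2.x addresses are placeholders.
"""
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str, str]  # (owner name, record type, rdata); names without trailing dot


def in_zone(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or lies below it."""
    return name == zone or name.endswith("." + zone)


def check_delegation(parent_zone: str, child_zone: str,
                     parent_records: List[Record]) -> Dict[str, object]:
    """Report the NS records delegating `child_zone` and any missing glue.

    Glue is only required for name servers whose names fall inside the zone being
    delegated (such as ns1.us.example.microsoft.com for example.microsoft.com):
    without it a resolver would need the child zone to find the server that serves it.
    """
    if parent_zone == child_zone or not in_zone(child_zone, parent_zone):
        raise ValueError(f"{child_zone} is not a subdomain of {parent_zone}")
    ns_targets = [rdata for owner, rtype, rdata in parent_records
                  if owner == child_zone and rtype == "NS"]
    glue_owners = {owner for owner, rtype, _ in parent_records if rtype == "A"}
    missing_glue = [ns for ns in ns_targets
                    if in_zone(ns, child_zone) and ns not in glue_owners]
    return {
        "ns": ns_targets,
        "missing_glue": missing_glue,
        "delegated": bool(ns_targets) and not missing_glue,
    }


def chase_glue(child_zone: str, parent_records: List[Record]) -> Dict[str, Optional[str]]:
    """Map each delegated name server to the address its glue A record gives (None if absent)."""
    glue = {owner: rdata for owner, rtype, rdata in parent_records if rtype == "A"}
    return {rdata: glue.get(rdata) for owner, rtype, rdata in parent_records
            if owner == child_zone and rtype == "NS"}


# Constructed microsoft.com zone fragment matching the example in the text.
PARENT_RECORDS: List[Record] = [
    ("microsoft.com", "NS", "ns.microsoft.com"),
    ("ns.microsoft.com", "A", "192.0.2.1"),
    ("example.microsoft.com", "NS", "ns1.us.example.microsoft.com"),  # delegation NS RR
    ("ns1.us.example.microsoft.com", "A", "192.0.2.53"),               # glue A RR
]

if __name__ == "__main__":
    print(check_delegation("microsoft.com", "example.microsoft.com", PARENT_RECORDS))
    print(chase_glue("example.microsoft.com", PARENT_RECORDS))
```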

Note

 From the administration console: The administrator defines the settings to be applied on
managed computers in the Web administration console.
 From the Panda icon: The end-user configures the firewall. There are a series of rules
predefined by Panda which establish permissions for common applications. New rules can be
created or existing ones can be modified in the local firewall configuration console.

The first thing to select in the Web console is the firewall performance. The options available are:

 Allow configuration of the firewall by the client: You can configure the firewall through the
local console. If you select this option, the rest of the settings will not be accessible to the
administrator, since the configuration will be done locally.
 Apply the following firewall settings: This option allows the administrator to configure the
firewall of the managed computers.

To configure the firewall, you must first open the Panda EndPoint Protection local console. To do this,
right-click the protection icon in the system tray and select Panda Endpoint Protection.

When the console opens, click the Firewall icon. You will see the firewall settings screen.


This screen displays the following options:

 Firewall status: Indicates if the firewall is running or has stopped working.
 Enable/Disable: You can enable or disable the firewall.
 Type of network: The firewall behavior depends on the type of network you are connected to.
You can select three network locations:
o Your home
o Work
o Public place

If you select Public place, it is important to note that Panda will implement a series of
system rules to strengthen computer security. These rules are:
 Deny inbound ICMP requests.
 Deny NETBIOS (folder and printer sharing)
 Deny inbound connections from the Microsoft Distributed Transaction
Coordinator (MSDTC). MSDTC is a Microsoft communication protocol.
 Deny Remote Desktop access.
 Deny remote IIS (Internet Information Service) administration.

Program control
Here you can define the Internet connection permissions of the different applications.
To access the Program Control settings, click Configure… This screen lets you select the user and
factory rules that you want to apply to the various programs, and set priorities on them. You can also
configure the firewall through the pop-up messages displayed by Panda Endpoint Protection when there is
an attempt to connect to or from the Internet.
Configuring user rules

1. In the Program control screen, click Add to access the Edit rule screen.
2. Enter the rule name.
3. Select if the rule will apply to a specific program or to all of them.
If it only applies to a specific program, click Select to select it.
4. In Action, select the communication direction:
o Allow outbound connections: The program can connect to the Internet, but does not
accept external connections from other users or applications.
o Allow inbound connections: The program accepts connections from programs or users
from the Internet, but will not have outbound permissions to connect.
o Deny outbound connections: The program CANNOT connect to the Internet.
o Deny inbound connections: The program DOES NOT accept connections from programs
or users from the Internet.
5. Select if the rule will apply when you are connected to the Internet at home, work or a public
place.
6. Finally, select the protocol, port or range of ports, and the IP address or range of IP addresses.

To edit or delete a rule, select it and click the relevant button.

To increase or decrease the priority of a rule, click the relevant arrow. The rule will move up or
down in the list.
You can also import/export rules to a text file.
Configuring factory rules
The factory rules are control rules recommended by our experts, which affect communication of certain
applications. These rules have lower priority than user rules.
You can enable or disable these rules, but not modify them. However, you can view their content.
How to enable/disable factory rules

1. Click the Factory rules tab in the Program control screen.
2. Select the relevant checkbox to enable the rules.
3. To view the content of any of the rules, select it and click Edit. This will take you to the Edit rule
screen.
Question 3 Configure TCP/IP packet filter.

Answer Configuring TCP/IP security in Windows Server 2003

To configure TCP/IP security:
1. Click Start, point to Control Panel, point to Network Connections, and then click the local area
connection that you want to configure.
2. In the Connection Status dialog box, click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced.
5. Click Options.
6. Under Optional settings, click TCP/IP filtering, and then click Properties.
7. Click to select the Enable TCP/IP Filtering (All adaptors) check box.

Note When you select this check box, you enable filtering for all adaptors, but you configure the
filters individually for each adaptor. The same filters do not apply to all adaptors.
8. In the TCP/IP Filtering dialog box, there are three sections where you can configure filtering for
TCP ports, User Datagram Protocol (UDP) ports, and Internet protocols. For each section,
configure the security settings that are appropriate for your computer.

Note When Permit All is activated, you permit all packets for TCP or UDP traffic. Permit Only
lets you permit only selected TCP or UDP traffic by adding the allowed ports. To specify the
ports, you use the Add button. To block all UDP or TCP traffic, click Permit Only but do not add
any port numbers in the UDP Ports column or TCP Ports column. You cannot block UDP or TCP
traffic by selecting Permit Only for IP Protocols and excluding IP protocols 6 and 17.

Configuring TCP/IP security in Windows Small Business Server 2003

To configure TCP/IP Filtering, follow these steps.

Note To perform this procedure, you must be a member of the Administrators group or the Network
Configuration Operators group on the local computer.
1. Click Start, point to Control Panel, right-click Network Connections, and then click Open.
2. Right-click the network connection where you want to configure inbound access control, and
then click Properties.
3. Under adaptorName Connection Properties on the General tab, click Internet Protocol
(TCP/IP), and then click Properties.
4. In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced.
5. Click the Options tab.
6. Click TCP/IP Filtering, and then click Properties.
7. Click to select the Enable TCP/IP Filtering (All adaptors) check box.

Note When you select this check box, you enable filtering for all adaptors. However, filter
configuration must be completed on each adaptor. When TCP/IP Filtering is enabled, you can
configure each adaptor by selecting the Permit All option, or you could allow for only specific IP
protocols, TCP ports, and UDP ports to accept inbound connections. For example, if you enable
TCP/IP Filtering and you configure the external network adaptor to permit only port 80, this lets
the external network adaptor accept Web traffic only. If the internal network adaptor also
has TCP/IP Filtering enabled but is configured with the Permit All option selected, this enables
unrestricted communication on the internal network adaptor.
8. Under TCP/IP Filtering, there are three columns with the following labels:
o TCP Ports
o UDP Ports
o IP Protocols
In each column, you must select one of the following options:
o Permit All. Select this option if you want to permit all packets for TCP or UDP traffic.
o Permit Only. Select this option if you want to permit only selected TCP or UDP traffic,
click Add, and then type the appropriate port or protocol number in the Add Filter
dialog box. You cannot block UDP or TCP traffic by selecting Permit Only in the IP
Protocols column and by then adding IP protocols 6 and 17.
Note You cannot block ICMP messages, even if you select Permit Only in the IP Protocols
column and then you do not include IP protocol 1.
TCP/IP Filtering can filter only inbound traffic. This feature does not affect outbound traffic or TCP
response ports that are created to accept responses from outbound requests. Use IPSec Policies or
Routing and Remote Access packet filtering if you require more control over outbound access.

Note If you select Permit Only in UDP Ports, TCP Ports, or the IP Protocols column and the lists are left
blank, the network adaptor will not be able to communicate with anything over a network, either locally
or to the Internet.
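The decision rules the two procedures above describe (three per-adaptor columns, inbound only, ICMP never blocked, TCP and UDP judged by their own port columns rather than by the IP Protocols column, and Permit Only with an empty list blocking everything in that column) as an added model that is not Microsoft's filter code; the external/internal adaptor configurations follow the port-80 example in the text and are constructed.

```python
"""Model of the TCP/IP Filtering decision described above: three per-adaptor columns
(TCP Ports, UDP Ports, IP Protocols), inbound only, with the documented quirks.
Added example that is not Microsoft's code; the filter values are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional

ICMP, TCP, UDP = 1, 6, 17


@dataclass(frozen=True)
class Column:
    """One filtering column: Permit All, or Permit Only the listed numbers."""
    permit_all: bool = True
    allowed: FrozenSet[int] = frozenset()  # consulted only when permit_all is False

    def permits(self, number: int) -> bool:
        return self.permit_all or number in self.allowed


@dataclass(frozen=True)
class AdaptorFilter:
    """Filter configuration of a single adaptor (filters are per adaptor, per the note)."""
    tcp_ports: Column = Column()
    udp_ports: Column = Column()
    ip_protocols: Column = Column()


def permitted(f: AdaptorFilter, inbound: bool, protocol: int,
              dst_port: Optional[int] = None) -> bool:
    """Decide whether a packet passes this adaptor's TCP/IP Filtering.

    Encodes the rules in the text:
      * only inbound traffic is filtered; outbound packets always pass;
      * ICMP cannot be blocked, even if protocol 1 is left out of a Permit Only list;
      * TCP and UDP are judged by their own port columns, so omitting protocols 6 and 17
        from the IP Protocols column does not block them;
      * Permit Only with an empty list blocks everything in that column.
    """
    if not inbound:
        return True
    if protocol == ICMP:
        return True
    if protocol == TCP:
        return dst_port is not None and f.tcp_ports.permits(dst_port)
    if protocol == UDP:
        return dst_port is not None and f.udp_ports.permits(dst_port)
    return f.ip_protocols.permits(protocol)


# Constructed configurations mirroring the worked example in the text.
EXTERNAL = AdaptorFilter(tcp_ports=Column(permit_all=False, allowed=frozenset({80})),
                         udp_ports=Column(permit_all=False),       # no inbound UDP at all
                         ip_protocols=Column(permit_all=False))    # 6 and 17 deliberately omitted
INTERNAL = AdaptorFilter()                                         # Permit All in every column

if __name__ == "__main__":
    for label, proto, port in [("web", TCP, 80), ("rdp", TCP, 3389),
                               ("dns", UDP, 53), ("ping", ICMP, None)]:
        print(f"external adaptor, inbound {label:4}: {permitted(EXTERNAL, True, proto, port)}")
```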
Question 4 Monitor the IP routing status

Answer You can install multiple network adapters in a Windows 2000 / XP Professional system.

For Windows 2000 on such a system (System #2 in the graphic below) to let System #1 and System #3
communicate with each other, System #2 has to handle the routing of the network traffic; it has to act
as a "router":

What are the possibilities for System #2 using Windows 9x, NT4 and Windows 2000?

Windows 95/98/ME is able to work as a router using a registry entry (NOT supported by Microsoft):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP : "EnableRouting", value "1"

All documentation on Windows 2000 shows that routing on multiple network adapters is
activated in "RRAS" : Routing and Remote Access Service.
But RRAS is not part of Windows 2000 Professional.
Question 5 Customize and configure IPSec policy and rules for transport mode on the local computer.

Answer Configuring IPSec Policies

You should understand that IPSec is designed to be an end-to-end security model that secures traffic
between clients and servers. The IP address of the computer does not necessarily have to be the entity that
is considered; rather, the system that uses the IP address is validated through an authentication process.
This allows you to deploy IPSec to a computer, domain, site, or any container within your Active
Directory (AD).
In addition, because there are many ways to authenticate, IPSec can be used to secure local area network
(LAN) communications, wide area network communications, and remote access communications as well.
This is accomplished through the configuration of IPSec policies that contain rules and filters. The rules
and filters that you use will depend on what you are securing and how much protection it requires. You
should be familiar with the following configuration options using IPSec:
 Transport mode
 Tunnel mode
 IPSec policy rules

Transport Mode

Transport mode is the default mode for IPSec. It is used for end-to-end security between a client and a
server within a LAN. IPSec can encrypt the payload of each packet to protect the integrity and
confidentiality of the data that it contains. As an alternative, IPSec can simply be used to ensure that the
communication came from the indicated source and that the communication hasn't been intercepted or
tampered with while in transit. Based on your own security needs, you can configure IPSec for one of the
following:
 Authentication Header (AH) transport mode
 Encapsulating Security Payload (ESP) transport mode

Authentication Header (AH) Transport Mode

Authentication Header (AH) provides for authentication, integrity, and anti-replay of each packet without
encrypting the data. In other words, the data remains readable but is protected from modification. AH
uses a system of keyed hash algorithms to sign the packet to ensure its integrity. In this way, you can be
assured that a packet did originate from its indicated source and that it has not been modified in transit.
This is accomplished by placing an AH header in each packet between the IP header and the IP payload.
You can configure custom data integrity and encryption settings, as illustrated on Figure 3.8. Configuring
custom settings requires the following steps:
1. Locate or create an IPSec policy in a computer's Local Settings, a domain's Default Security
Policy, or a Group Policy Object.
2. Right-click the IPSec policy.
3. Click Properties.
4. Select the Default Response rule.
5. Click Edit.
6. On the Security Methods tab, click Edit.
7. Select Custom.
8. Click Settings.

NOTE

AH does not encrypt the data within the packets sent.

Figure 3.8 IPSec can be used to protect the integrity of a packet using AH.
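The AH transport-mode mechanism described above, as an added example that is not Windows' IPSec implementation: an AH is placed between the IP header and the payload and carries a keyed hash (the ICV) computed over the packet with the IP fields routers legitimately change zeroed, so a router hop still verifies while any change to the addresses or the payload does not, and the payload itself stays readable. The key, the 192.0.2.x addresses and the SPI are constructed, and the algorithm assumed is HMAC-SHA-256 truncated to 128 bits (RFC 4868).

```python
"""Authentication Header in transport mode: the AH sits between the IP header and the
payload and carries a keyed hash (ICV) over the packet. Added example, not Windows'
IPSec code; key, addresses and SPI are constructed; HMAC-SHA-256-128 is assumed.
"""
import hashlib
import hmac
import struct

AH_PROTOCOL = 51
ICV_LEN = 16          # 128-bit truncated HMAC (RFC 4868)
AH_FIXED_LEN = 12     # next header, payload len, reserved, SPI, sequence number
IP_HDR_LEN = 20       # IPv4 header without options


def _checksum(header: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, protocol: int, total_len: int, ttl: int = 64) -> bytes:
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                      ttl, protocol, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]


def _zero_mutable(ip_hdr: bytes) -> bytes:
    """Zero the IPv4 fields routers may change in transit so the ICV still verifies:
    TOS, flags/fragment offset, TTL and header checksum (RFC 4302 section 3.3.3)."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def _icv(key: bytes, ip_hdr: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    """ICV over the immutable IP header fields, the AH (ICV zeroed) and the clear payload."""
    covered = _zero_mutable(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(key: bytes, src: str, dst: str, next_header: int, payload: bytes,
               spi: int, seq: int) -> bytes:
    """Build IP header + AH + payload (transport mode). The payload is not encrypted."""
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2      # AH length in 32-bit words minus 2
    ah_fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    total = IP_HDR_LEN + AH_FIXED_LEN + ICV_LEN + len(payload)
    ip_hdr = ipv4_header(src, dst, AH_PROTOCOL, total)
    return ip_hdr + ah_fixed + _icv(key, ip_hdr, ah_fixed, payload) + payload


def ah_verify(key: bytes, packet: bytes) -> bool:
    """Recompute the ICV; any change to the addresses, AH fields or payload fails."""
    ip_hdr, rest = packet[:IP_HDR_LEN], packet[IP_HDR_LEN:]
    if len(ip_hdr) < IP_HDR_LEN or ip_hdr[9] != AH_PROTOCOL:
        return False
    ah_len = (rest[1] + 2) * 4
    ah_fixed, icv, payload = rest[:AH_FIXED_LEN], rest[AH_FIXED_LEN:ah_len], rest[ah_len:]
    return hmac.compare_digest(icv, _icv(key, ip_hdr, ah_fixed, payload))


def forward_hop(packet: bytes) -> bytes:
    """What a router does: decrement TTL and fix the checksum. AH must still verify."""
    h = bytearray(packet[:IP_HDR_LEN])
    h[8] -= 1
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", _checksum(bytes(h)))
    return bytes(h) + packet[IP_HDR_LEN:]


class ReplayCheck:
    """Simplified anti-replay: an AH sequence number must never repeat for an SPI.
    (Real implementations use a sliding window; this keeps every seen number.)"""

    def __init__(self) -> None:
        self.seen: set = set()

    def accept(self, packet: bytes) -> bool:
        spi, seq = struct.unpack("!II", packet[IP_HDR_LEN + 4:IP_HDR_LEN + 12])
        if (spi, seq) in self.seen:
            return False
        self.seen.add((spi, seq))
        return True


if __name__ == "__main__":
    key = b"constructed-preshared-key"
    pkt = ah_protect(key, "192.0.2.1", "192.0.2.2", 6, b"GET / HTTP/1.0\r\n", spi=0x100, seq=1)
    print("valid after a router hop:", ah_verify(key, forward_hop(pkt)))   # True
    print("valid after tampering:   ", ah_verify(key, pkt[:-1] + b"?"))    # False
```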

Encapsulating Security Payload (ESP) Transport Mode

Encapsulating Security Payload (ESP) provides everything that AH does and also
provides for the confidentiality of the packet during transit. In transport mode, the
entire packet is not encrypted or signed; rather, only the data in the IP payload is
encrypted and signed. The authentication process ensures that the packet originated from the indicated
sender, and the fact that the data was encrypted ensures that it wasn't viewed or modified during transit.
This is accomplished by placing an ESP header before the IP payload and an ESP trailer after the IP
payload, further encapsulating only the IP payload.

CAUTION

ESP does not sign the entire packet—only the IP payload itself is encrypted.

Tunnel Mode

IPSec tunnel mode encrypts the IP header and the payload during transit. In this way, tunnel mode
provides protection for the entire packet. An entire IP packet is first encapsulated with an AH or ESP
header, and then the result is encapsulated with an additional IP header. The additional IP header contains
the source and destination of the tunnel endpoints. After the packet reaches the first destination at the
tunnel endpoint, it can be decapsulated and sent to the final destination by reading the IP address.
This double encapsulation makes tunnel mode suitable for protecting traffic between network systems. It
can be used when traffic must pass through an untrusted medium such as the Internet. It is therefore most
often used with gateways or end-systems that do not support L2TP/IPSec or PPTP connections. You can
use IPSec tunnel mode for the following configurations:
 Gateway to gateway
 Server to gateway
 Server to server
As with transport mode IPSec, tunnel mode IPSec can be used in AH mode or in ESP mode. The concept
is very much the same except that the packets are encapsulated twice. You can configure IPSec tunnel
mode for the following:
 AH tunnel mode
 ESP tunnel mode

Authentication Header (AH) Tunnel Mode

AH tunnel mode encapsulates an IP packet by placing an AH header between the internal IP header and
the external IP header. AH then signs the entire packet for integrity and authentication. This is illustrated
in Figure 3.9.


Encapsulating Security Payload (ESP) Tunnel Mode

ESP mode encapsulates an IP packet with an ESP header, IP header, and ESP trailer. This has the effect
of protecting the IP header, trailer, and payload. The entire packet is then encapsulated into a new IP
tunnel header, which contains the IP addresses of the endpoints of the tunnel. This is illustrated in Figure
3.10.

TIP

Transport mode IPSec is used for secure communications between clients and servers in a LAN, whereas
tunnel mode is used for secure communication between networks.

Figure 3.9 In AH tunnel mode, authentication headers are placed between the internal IP header and the
external IP header of each packet.
Figure 3.10 In ESP tunnel mode, the entire packet is encapsulated into a new IP tunnel header, which
contains the IP addresses of the endpoints of the tunnel.

IPSec Policy Rules

Whether you use transport mode or tunnel mode for IPSec, the behavior of the system will be determined
and controlled by the rules that you configure. Windows Server 2003 comes installed with some basic
rules, but these are only to be used for examples because they offer no real security for your network. You
should configure rules based on the security requirements of your organization. How you configure the
rules of a policy will determine how it will be used and ultimately whether it will be in transport mode or
tunnel mode.
Each IPSec policy consists of one or more rules that will determine the behavior of the policy. The rules
are configured on the Rules tab of the properties of an IPSec policy, as shown in Figure 3.11. You can
access the Rules tab by right-clicking a policy and clicking Properties. Each rule can contain settings for
the following:
 Filter list
 Filter action
 Authentication methods
 Tunnel endpoint
 Connection type
Figure 3.11 You can configure the properties of each IPSec rule.

Filter List

You configure a filter list by selecting the IP Filter List tab in the properties of an IPSec
rule (see Figure 3.12). In the resulting IP Filter List dialog box, a single filter list can
contain multiple predefined packet filters that allow traffic to be identified by the list.
After the traffic is identified, then the filter action can be applied. Filter lists can
identify traffic based on its source, destination, and protocol. You can set both inbound and outbound
filters in an IPSec policy.
Figure 3.12 You can configure multiple filter lists in a single IPSec policy.

Filter Action


A filter action is set for each type of traffic as identified by a filter list. The filter actions from which you
can choose include Permit, Block, or Negotiate Security for the packets that match the filter list. If
Negotiate Security is selected, one or more security methods can be selected. Filter actions are configured
on the Filter Action tab in the properties of an IPSec rule. As mentioned previously, the system
automatically processes multiple filters in order of specificity, starting with the most specific.
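The way filter lists, filter actions and specificity ordering combine is easier to see in code. The following is an added illustrative model, not Microsoft's implementation: the scoring rule, the addresses and the policy are all constructed here, and a tunnel endpoint on a rule is what switches it from transport mode to tunnel mode.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = "any"


@dataclass(frozen=True)
class Filter:
    """One packet filter in a filter list. Addresses are 'any', a host or a CIDR
    network; protocol is 'any' or a name; dst_port None means any port."""
    src: str
    dst: str
    protocol: str = ANY
    dst_port: Optional[int] = None

    @staticmethod
    def _addr_match(spec: str, addr: str) -> bool:
        if spec == ANY:
            return True
        return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

    def matches(self, pkt: dict) -> bool:
        return (self._addr_match(self.src, pkt["src"])
                and self._addr_match(self.dst, pkt["dst"])
                and self.protocol in (ANY, pkt["proto"])
                and self.dst_port in (None, pkt.get("dport")))

    def specificity(self) -> int:
        """Constructed scoring: higher is more specific. A host (/32) beats a
        subnet beats 'any'; naming a protocol or a port adds specificity."""
        score = 0
        for spec in (self.src, self.dst):
            if spec != ANY:
                score += ipaddress.ip_network(spec, strict=False).prefixlen
        if self.protocol != ANY:
            score += 8
        if self.dst_port is not None:
            score += 16
        return score


@dataclass(frozen=True)
class Rule:
    """A rule pairs a filter list with a filter action; a tunnel endpoint
    switches the rule from transport mode to tunnel mode."""
    name: str
    filters: Tuple[Filter, ...]
    action: str                      # "Permit", "Block" or "Negotiate Security"
    tunnel_endpoint: Optional[str] = None


def decide(policy: Tuple[Rule, ...], pkt: dict):
    """Return (rule name, action, mode) chosen by the most specific matching
    filter. Traffic matching no filter is left unsecured, as Windows IPSec
    does for packets that match no filter in the assigned policy."""
    candidates = [(f.specificity(), r) for r in policy for f in r.filters if f.matches(pkt)]
    if not candidates:
        return ("<no matching filter>", "Permit", "n/a")
    _, rule = max(candidates, key=lambda c: c[0])
    mode = "tunnel" if rule.tunnel_endpoint else "transport"
    return (rule.name, rule.action, mode)


# Constructed policy: a broad Permit, a subnet-wide Negotiate Security, a
# narrower Block for one port, and a tunnel-mode rule to a branch office.
POLICY = (
    Rule("Allow all traffic", (Filter(ANY, ANY),), "Permit"),
    Rule("Secure server subnet", (Filter(ANY, "10.0.5.0/24"),), "Negotiate Security"),
    Rule("Block telnet to servers", (Filter(ANY, "10.0.5.0/24", "tcp", 23),), "Block"),
    Rule("Tunnel to branch office", (Filter("10.0.0.0/16", "192.168.7.0/24"),),
         "Negotiate Security", tunnel_endpoint="203.0.113.9"),
)

if __name__ == "__main__":
    for pkt in ({"src": "10.0.1.4", "dst": "10.0.5.10", "proto": "tcp", "dport": 23},
                {"src": "10.0.1.4", "dst": "10.0.5.10", "proto": "tcp", "dport": 443},
                {"src": "10.0.1.4", "dst": "192.168.7.5", "proto": "udp", "dport": 53},
                {"src": "172.16.0.2", "dst": "198.51.100.7", "proto": "udp", "dport": 53}):
        print(pkt["dst"], "->", decide(POLICY, pkt))
```

The telnet packet is caught by the narrow Block rule even though the broader subnet rule would negotiate security for it, which is the "most specific first" behaviour the text describes.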

Authentication Methods

You can configure one or more authentication methods to be used in main mode during negotiations. The
available authentication methods (as discussed previously) are Kerberos V5, certificates, and preshared
keys. You should only use preshared keys as a last resort. You can configure these using the
Authentication Methods tab in the properties of an IPSec rule.

Tunnel Endpoint

When you configure a tunnel endpoint as part of a rule, you are setting up one end of tunnel mode IPSec.
You must also configure the other end of the tunnel with the same rule and its corresponding tunnel
endpoint. This establishes the IP addresses that will be used when the packet is encapsulated before being
sent through the tunnel. You should configure the tunnel endpoint on the Tunnel Setting tab in the
properties of the IPSec rule to which it applies.

Connection Type

The connection type specifies whether this rule applies to LAN communications, dial-up, or both. The
connection type setting can be used to specify rules based on the inherent protocols and technologies that
your connection uses. In other words, LAN communications will certainly use different protocols (rules)
than dial-up communications and will therefore require different IPSec rules as well.
Session: Windows 2000 Network Management
Question 1 Create a Group Policy Object and console

Answer Step 3 – Create Installation Group Policy Object

This step creates a Group Policy Object or "GPO" that will install the software packages.

1. Launch the Group Policy Management Console on your administrative workstation (Start -> Run
-> "gpmc.msc"). Note: The Group Policy Management Console is included with Windows Server
2008. For Windows Server 2003, the Group Policy Management Console can be downloaded
from http://www.microsoft.com/windowsserver2003/gpmc/
2. Expand the tree for your domain, then right-click on “Group Policy Objects” and select “New”.
Enter a name such as “OpenOffice-Enterprise Installation”. Your new Group Policy Object will
appear in the tree under “Group Policy Objects”. Right-click on its name and select “Edit...”. This
will open the Group Policy Object Editor.
3. In the Group Policy Object Editor, under “Computer Configuration”, expand “Software Settings”,
right-click on “Software Installation” and select “New --> Package...”.
4. Click on “My Network Places”. (Note: This is a required step. You must select the package to
install from a network location rather than a local location. If you do not first click on “My
Network Places”, the selection of a package to install will not be accepted.)

5. Navigate to the network location containing your OpenOffice-Enterprise administrative install,
and double-click on the .msi file “ooewin-630.msi”.
6. For the deployment method, select “Assigned” and click "OK". The OpenOffice-Enterprise
installation package should appear in the view pane of the Group Policy Editor.
7. Right-click on “Software Installation” and select “New --> Package...” again.
8. Navigate to the network location where you placed the Java JRE install file “jre1.6.0_18.msi” and
double-click on this file. If you are not installing Java, skip this step and move down to the
installation of OpenOffice.
9. For the deployment method, select “Assigned” and click "OK". The JRE installation package
should appear in the view pane of the Group Policy Editor.
10. Right-click on “Software Installation” and select “New --> Package...” again.
11. Navigate to the network location containing your OpenOffice suite administrative install, and
double-click on the .msi file “openofficeorg32.msi”.
12. For "Deployment Method" select “Advanced” and click “OK”. After a short pause, the Properties
dialog should appear.
13. Under the "Deployment" tab of the Properties dialog, select "Advanced...", check the box next
to "Ignore language when deploying this package", then click "OK".
14. Download the file Check_OOE_v3.mst and add it to the directory that contains the OpenOffice
installation file openofficeorg32.msi.
15. Several additional installation transform files for OpenOffice are available here. If you want to
install OpenOffice with one or more of these transforms, download the transform (.mst) files
and add them to the directory that contains the OpenOffice installation file
openofficeorg32.msi.
16. Return to the OpenOffice installation Properties dialog, and click on the “Modifications” tab. Add
Check_OOE_v3.mst and all of the additional transform files you downloaded, then click “OK”.
17. Click "OK" to close the Properties dialog for the OpenOffice installation. The OpenOffice
installation package should appear in the view pane of the Group Policy Editor.
18. To set additional options, double-click on each package name in the view pane. For example,
selecting “Uninstall this application when it falls out of the scope of management” will cause the
applications to be automatically uninstalled if this group policy object is deleted or unlinked.
(Alternately, the software can be uninstalled later by right-clicking on each package name and
selecting “All Tasks” -> “Remove...”). Any options selected must be set for each package
individually, so be certain to double-click on each package name in succession and set the
desired options.
19. When done, double check your selections and close the Group Policy Object Editor.

Question Configuring software deployment settings

Answer In System Center Service Manager 2010 Service Pack 1 (SP1), use the following procedure to
define a process that your organization can use to approve a software deployment request that an end user
initiates from the Self-Service Portal. Software packages are imported from Configuration Manager using
other procedures; the process you create by using the following procedure allows the software
deployment request to be approved.

End users submit change requests in the Self-Service Portal if they want to install software. After all the
approval processes are completed successfully, the requested software is installed by Configuration
Manager on the end user’s computer. You can define multiple software deployment processes for your
organization to manage various software titles and suites and to apply different approval and
implementation processes based on change request templates.
If you create a change request template for a custom review activity that requires line manager approval
and the template is later linked to a software deployment process, the software request is automatically,
although incorrectly, approved. This error only occurs when a Self-Service Portal user who is not a
Service Manager user requests the software. Therefore, as a best practice, when you create a change
request template, you must add specific reviewers. For more information about adding a change reviewer,
see How to Add a Change Reviewer in the System Center Service Manager Operations Guide. This
incorrect approval condition has been corrected in Service Manager 2010 Service Pack 1.
Note
Although you can base a software deployment process on your own custom change request template,
Service Manager does not correctly display the change request template name in the Software
Deployment Process list. However, the software deployment process still functions correctly.
To create a software deployment process
1. In the Service Manager console, click Administration.
2. In the Administration pane, expand Portal, and then click Software Deployment Process.
3. In the Software Deployment Process pane, click Create.
4. In the General section in the Name box, type the name of the process you want to create. For
example, type Standard Microsoft Office Software Request Process.
5. In the Description box, type a description of the process. For example, type Use this process to
approve and deploy Microsoft Office software to end users.
6. In the Process section under Create a software deployment process, click Select to open the
Select objects list, and then view the list of available software packages.
7. In the list, select a software package, click Add, and then click OK.
8. Under Templates, select a template to apply to the software deployment process, and then click
OK to save and close the form.

Question 4 configuring remote and removable storage

Answer Remote Storage and Removable Storage

Remote Storage uses Removable Storage to access the applicable media in a library that are used for
remote storage.
Remote Storage can support a multiple-drive automated library, but only if all the drives within it are
identical. Within such an automated library, Remote Storage can access two or more drives at the same
time. If the automated library contains two or more drives, Remote Storage can simultaneously copy data
to, and recall data from, two or more different tapes or disks.
All remote storage tapes or disks used by Remote Storage exist in a single application media pool that is
automatically created during Remote Storage Setup. You use Removable Storage to verify that sufficient
media have been moved to a free media pool, so that Remote Storage can use tapes or disks from that
pool if needed. You cannot move tapes or disks from the Remote Storage application media pool to
another application media pool.
Remote Storage can support only a single tape or disk type for use as remote storage. You specify which
type is supported when you run the Remote Storage Setup wizard. You cannot change this type later.
Recalling data from remote storage may take more time than usual. The amount of this time delay
depends on several factors:
 Whether or not a tape or disk is already mounted in a drive.
 The speed of a library in mounting a tape or disk.
 Availability of the tapes or disks and drives in a library.
 Whether or not other file recalls are pending.
The following figure illustrates how Remote Storage recalls data from remote storage to local storage.
Note that when data is recalled, it is copied back to the original volume and the file again takes up disk
space.

Remote Storage does not support the use of QIC tapes as remote storage media.
Media used by Remote Storage contain only data that has been copied from managed volumes. However,
the library can contain additional media used by other applications, such as Backup.
Remote Storage does not support recalling data for a volume that has been managed at different times by
two different Remote Storage installations.

Question Set up the filter options of advanced user and group

Answer An LDAP directory is a collection of data about users and groups. LDAP (Lightweight Directory
Access Protocol) is an Internet protocol that web applications can use to look up information about
those users and groups from the LDAP server.

We provide built-in connectors for the most popular LDAP directory servers:

 Microsoft Active Directory
 Apache Directory Server (ApacheDS)
 Apple Open Directory
 Fedora Directory Server
 Novell eDirectory
 OpenDS
 OpenLDAP
 OpenLDAP Using Posix Schema
 Posix Schema for LDAP
 Sun Directory Server Enterprise Edition (DSEE)
 A generic LDAP directory server

When to use this option: Connecting to an LDAP directory server is useful if your users and groups are
stored in a corporate directory. When configuring the directory, you can choose to make it read only, read
only with local groups, or read/write. If you choose read/write, any changes made to user and group
information in the application will also update the LDAP directory.

Connecting to an LDAP Directory in JIRA

To connect JIRA to an LDAP directory:

1. Log in as a user with the 'JIRA System Administrators'
2. Choose the administration (cog) icon > User Management > User Directories. Keyboard shortcut:
'g' + 'g' + start typing 'directories'.
3. Add a directory and select one of these types:
o 'Microsoft Active Directory' – This option provides a quick way to select AD, because it
is the most popular LDAP directory type.
o 'LDAP' – You will be able to choose a specific LDAP directory type on the next screen.
4. Enter the values for the settings, as described below.
5. Save the directory settings.
6. Define the directory order by clicking the blue up- and down-arrows next to each directory on
the 'User Directories' screen. Here is a summary of how the directory order affects the
processing:
o The order of the directories is the order in which they will be searched for users and
groups.
o Changes to users and groups will be made only in the first directory where the
application has permission to make changes.

Notes:

 For this configuration, every time a user logs in (i.e. first and subsequent times), the user's data in
JIRA will be updated from the user's data in LDAP. This includes username, display name, email
and group memberships. However, for group memberships, only the following applies:
o direct groups only (i.e. not nested groups) are synchronised from LDAP.
o only groups that are already present in JIRA are synchronised, i.e. groups are not
added/removed, and group hierarchies are not synchronised.

Server Settings

Name: Enter a meaningful name to help you identify the LDAP directory server. Examples:
 Example Company Staff Directory
 Example Company Corporate LDAP
Directory Type: Select the type of LDAP directory that you will connect to. If you are adding a new LDAP
connection, the value you select here will determine the default values for many of the options on the rest
of the screen. Examples:
 Microsoft Active Directory
 OpenDS
 And more.
Hostname: The host name of your directory server. Examples:
 ad.example.com
 ldap.example.com
 opends.example.com
Port: The port on which your directory server is listening. Examples:
 389
 10389
 636 (for example, for SSL)
Use SSL: Check this if the connection to the directory server is an SSL (Secure Sockets Layer) connection.
Note that you will need to configure an SSL certificate in order to use this setting.
Username: The distinguished name of the user that the application will use when connecting to the
directory server. Examples:
 cn=administrator,cn=users,dc=ad,dc=example,dc=com
 cn=user,dc=domain,dc=name
 user@domain.name
Password: The password of the user specified above.

Schema Settings

Base DN: The root distinguished name (DN) to use when running queries against the directory server.
Examples:
 o=example,c=com
 cn=users,dc=ad,dc=example,dc=com
For Microsoft Active Directory, specify the base DN in the following format: dc=domain1,dc=local. You
will need to replace the domain1 and local for your specific configuration. Microsoft Server provides a
tool called ldp.exe which is useful for finding out and configuring the LDAP structure of your server.
Additional User DN: This value is used in addition to the base DN when searching and loading users. If
no value is supplied, the subtree search will start from the base DN. Example:
 ou=Users
Additional Group DN: This value is used in addition to the base DN when searching and loading groups.
If no value is supplied, the subtree search will start from the base DN. Example:
 ou=Groups

Permission Settings

Note: You can only assign LDAP users to local groups when 'External Management User Management' is
not selected.
Read Only: LDAP users, groups and memberships are retrieved from your directory server and can only be
modified via your directory server. You cannot modify LDAP users, groups or memberships via the
application administration screens.
Read Only, with Local Groups: LDAP users, groups and memberships are retrieved from your directory
server and can only be modified via your directory server. You cannot modify LDAP users, groups or
memberships via the application administration screens. However, you can add groups to the internal
directory and add LDAP users to those groups.
Note for Confluence users: Users from LDAP are added to groups maintained in Confluence's internal
directory the first time they log in. This is only done once per user. There is a known issue with Read Only,
with Local Groups in Confluence that may apply to you. See CONF-28621 - User Loses all Local Group
Memberships If LDAP Sync is Unable to find the User, but the User appears again in subsequent syncs.
Read/Write: LDAP users, groups and memberships are retrieved from your directory server. When you
modify a user, group or membership via the application administration screens, the changes will be applied
directly to your LDAP directory server. Please ensure that the LDAP user specified for the application has
modification permissions on your LDAP directory server.

Adding Users to Groups Automatically

Default Group Memberships: Option available in Confluence 3.5 and later, and JIRA 4.3.3 and later. This
field appears if you select the 'Read Only, with Local Groups' permission. If you would like users to be
automatically added to a group or groups, enter the group name(s) here. To specify more than one group,
separate the group names with commas.
In Confluence 3.5 to Confluence 3.5.1: Each time a user logs in, their group memberships will be checked.
If the user does not belong to the specified group(s), their username will be added to the group(s). If a
group does not yet exist, it will be added locally.
In Confluence 3.5.2 and later, and JIRA 4.3.3 and later: The first time a user logs in, their group
memberships will be checked. If the user does not belong to the specified group(s), their username will be
added to the group(s). If a group does not yet exist, it will be added locally. On subsequent logins, the
username will not be added automatically to any groups. This change in behaviour allows users to be
removed from automatically-added groups. In Confluence 3.5 and 3.5.1, they would be re-added upon next
login.
Please note that there is no validation of the group names. If you mis-type the group name, authorisation
failures will result – users will not be able to access the applications or functionality based on the intended
group name.
Examples:
 confluence-users
 confluence-users,jira-users,jira-developers

Advanced Settings

Enable Nested Groups: Enable or disable support for nested groups. Some directory servers allow you to
define a group as a member of another group. Groups in such a structure are called 'nested groups'. If you
are using groups to manage permissions, you can create nested groups to allow inheritance of permissions
from one group to its sub-groups.
Use Paged Results: Enable or disable the use of the LDAP control extension for simple paging of search
results. If paging is enabled, the search will retrieve sets of data rather than all of the search results at
once. Enter the desired page size – that is, the maximum number of search results to be returned per page
when paged results are enabled. The default is 1000 results.
Follow Referrals: Choose whether to allow the directory server to redirect requests to other servers. This
option uses the node referral (JNDI lookup java.naming.referral) configuration setting. It is generally
needed for Active Directory servers configured without proper DNS, to prevent a
'javax.naming.PartialResultException: Unprocessed Continuation Reference(s)' error.
Naive DN Matching: If your directory server will always return a consistent string representation of a
DN, you can enable naive DN matching. Using naive DN matching will result in a significant performance
improvement, so we recommend enabling it where possible. This setting determines how your application
will compare DNs to determine if they are equal.
 If this checkbox is selected, the application will do a direct, case-insensitive, string comparison. This is
the default and recommended setting for Active Directory, because Active Directory guarantees the
format of DNs.
 If this checkbox is not selected, the application will parse the DN and then check the parsed version.
Enable Incremental Synchronisation: Enable incremental synchronisation if you only want changes since
the last synchronisation to be queried when synchronising a directory. Please be aware that when using
this option, the user account configured for synchronisation must have read access to:
 The uSNChanged attribute of all users and groups in the directory that need to be synchronised.
 The objects and attributes in the Active Directory deleted objects container (see Microsoft's Knowledge
Base Article No. 892806 for details).
If at least one of these conditions is not met, you may end up with users who are added to (or deleted
from) the Active Directory not being respectively added (or deleted) in JIRA. This setting is only
available if the directory type is set to "Microsoft Active Directory".
Synchronisation Interval (minutes): Synchronisation is the process by which the application updates its
internal store of user data to agree with the data on the directory server. The application will send a
request to your directory server every x minutes, where 'x' is the number specified here. The default value
is 60 minutes.
Read Timeout (seconds): The time, in seconds, to wait for a response to be received. If there is no
response within the specified time period, the read attempt will be aborted. A value of 0 (zero) means
there is no limit. The default value is 120 seconds.
Search Timeout (seconds): The time, in seconds, to wait for a response from a search operation. A value
of 0 (zero) means there is no limit. The default value is 60 seconds.
Connection Timeout (seconds): This setting affects two actions. The default value is 0.
 The time to wait when getting a connection from the connection pool. A value of 0 (zero) means there is
no limit, so wait indefinitely.
 The time, in seconds, to wait when opening new server connections. A value of 0 (zero) means that the
TCP network timeout will be used, which may be several minutes.

User Schema Settings

User Object Class: This is the name of the class used for the LDAP user object. Example:
 User
User Object Filter: The filter to use when searching user objects. Example:
 (&(objectCategory=Person)(sAMAccountName=*))
User Name Attribute: The attribute field to use when loading the username. Examples:
 cn
 sAMAccountName
NB: In Active Directory, the 'sAMAccountName' is the 'User Logon Name (pre-Windows 2000)' field. The
User Logon Name field is referenced by 'cn'.
User Name RDN Attribute: The RDN (relative distinguished name) to use when loading the username. The
DN for each LDAP entry is composed of two parts: the RDN and the location within the LDAP directory
where the record resides. The RDN is the portion of your DN that is not related to the directory tree
structure. Example:
 cn
User First Name Attribute: The attribute field to use when loading the user's first name. Example:
 givenName
User Last Name Attribute: The attribute field to use when loading the user's last name. Example:
 sn
User Display Name Attribute: The attribute field to use when loading the user's full name. Example:
 displayName
User Email Attribute: The attribute field to use when loading the user's email address. Example:
 mail
User Password Attribute: The attribute field to use when loading a user's password. Example:
 unicodePwd
User Unique ID Attribute: The attribute used as a unique immutable identifier for user objects. This is
used to track username changes and is optional. If this attribute is not set (or is set to an invalid value),
user renames will not be detected; they will be interpreted as a user deletion then a new user addition.
This should normally point to a UUID value. Standards-compliant LDAP servers will implement this as
'entryUUID' according to RFC 4530. This setting exists because it is known under different names on
some servers, e.g. 'objectGUID' in Microsoft Active Directory.

Group Schema Settings

Group Object Class: This is the name of the class used for the LDAP group object. Examples:
 groupOfUniqueNames
 group
Group Object Filter: The filter to use when searching group objects. Example:
 (&(objectClass=group)(cn=*))
Group Name Attribute: The attribute field to use when loading the group's name. Example:
 cn
Group Description Attribute: The attribute field to use when loading the group's description. Example:
 description

Membership Schema Settings

Group Members Attribute: The attribute field to use when loading the group's members. Example:
 member
User Membership Attribute: The attribute field to use when loading the user's groups. Example:
 memberOf
Use the User Membership Attribute, when finding the user's group membership: Check this if your
directory server supports the group membership attribute on the user. (By default, this is the 'memberOf'
attribute.)
 If this checkbox is selected, your application will use the group membership attribute on the user when
retrieving the list of groups to which a given user belongs. This will result in a more efficient retrieval.
 If this checkbox is not selected, your application will use the members attribute on the group ('member'
by default) for the search.
 If the Enable Nested Groups checkbox is selected, your application will ignore the Use the User
Membership Attribute option and will use the members attribute on the group for the search.
Use the User Membership Attribute, when finding the members of a group: Check this if your directory
server supports the user membership attribute on the group. (By default, this is the 'member' attribute.)
 If this checkbox is selected, your application will use the group membership attribute on the user when
retrieving the members of a given group. This will result in a more efficient search.
 If this checkbox is not selected, your application will use the members attribute on the group ('member'
by default) for the search.

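The user object filter, the two membership lookup strategies and the naive versus parsed DN comparison described in the settings above can be exercised against a small constructed directory. This is an added example, not Atlassian's code: the entries, the simplified filter parser and the simplified DN normalisation are assumptions made here, and the group's member value is deliberately written with different case and spacing to show when naive DN matching fails.

```python
import re

# Constructed directory: DN -> attributes (multi-valued, as LDAP returns them).
ALICE = "CN=Alice Admin,CN=Users,DC=ad,DC=example,DC=com"
JIRA_USERS = "CN=jira-users,OU=Groups,DC=ad,DC=example,DC=com"
DIRECTORY = {
    ALICE: {"objectCategory": ["Person"], "objectClass": ["user"],
            "sAMAccountName": ["alice"], "memberOf": [JIRA_USERS]},
    "CN=Build Server,CN=Computers,DC=ad,DC=example,DC=com": {
        "objectCategory": ["Computer"], "objectClass": ["computer"],
        "sAMAccountName": ["BUILD01$"]},
    "CN=Contact Only,CN=Users,DC=ad,DC=example,DC=com": {
        "objectCategory": ["Person"], "objectClass": ["contact"]},  # no logon name
    # The member value differs from ALICE only in case and spacing.
    JIRA_USERS: {"objectClass": ["group"], "cn": ["jira-users"],
                 "member": ["cn=alice admin, cn=users, dc=ad, dc=example, dc=com"]},
}


def parse_filter(text):
    """Parse an RFC 4515 filter such as (&(objectCategory=Person)(sAMAccountName=*))
    into nested tuples. Simplified: no escapes, and values may not contain ')'."""
    def parse(i):
        assert text[i] == "(", "filter component must start with '('"
        i += 1
        if text[i] in "&|!":
            op, i, kids = text[i], i + 1, []
            while text[i] == "(":
                node, i = parse(i)
                kids.append(node)
            assert text[i] == ")", "unterminated compound filter"
            return (op, kids), i + 1
        j = text.index(")", i)
        attr, _, value = text[i:j].partition("=")
        return ("=", attr, value), j + 1
    node, end = parse(0)
    assert end == len(text), "trailing characters after filter"
    return node


def matches(node, attrs):
    """Evaluate a parsed filter against one entry (attribute names and values are
    compared case-insensitively; '*' alone is a presence test, 'ali*' a substring)."""
    op = node[0]
    if op == "&":
        return all(matches(k, attrs) for k in node[1])
    if op == "|":
        return any(matches(k, attrs) for k in node[1])
    if op == "!":
        return not matches(node[1][0], attrs)
    _, attr, value = node
    values = [v for k, vs in attrs.items() if k.lower() == attr.lower() for v in vs]
    if value == "*":
        return bool(values)
    pattern = ".*".join(re.escape(part) for part in value.split("*"))
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in values)


def normalize_dn(dn):
    """Parsed DN comparison: split into RDNs and lower-case/trim each type and
    value (simplified; RFC 4514 also defines escaping and multi-valued RDNs)."""
    return tuple(tuple(p.strip().lower() for p in rdn.split("=", 1)) for rdn in dn.split(","))


def naive_dn_equal(a, b):
    """What 'Naive DN Matching' does: a direct case-insensitive string compare."""
    return a.lower() == b.lower()


def parsed_dn_equal(a, b):
    return normalize_dn(a) == normalize_dn(b)


def search(base_dn, filter_text):
    """Subtree search: entries under base_dn whose attributes satisfy the filter."""
    node, base = parse_filter(filter_text), normalize_dn(base_dn)
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if normalize_dn(dn)[-len(base):] == base and matches(node, attrs))


def groups_for_user(user_dn, use_user_membership_attribute, naive_dn_matching=True):
    """Resolve a user's groups either from the user's memberOf attribute or by
    scanning every group's member attribute with the chosen DN comparison."""
    if use_user_membership_attribute:
        return sorted(DIRECTORY[user_dn].get("memberOf", []))
    equal = naive_dn_equal if naive_dn_matching else parsed_dn_equal
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if "group" in attrs.get("objectClass", [])
                  and any(equal(m, user_dn) for m in attrs.get("member", [])))


if __name__ == "__main__":
    print(search("DC=ad,DC=example,DC=com", "(&(objectCategory=Person)(sAMAccountName=*))"))
    print(groups_for_user(ALICE, use_user_membership_attribute=False, naive_dn_matching=True))
    print(groups_for_user(ALICE, use_user_membership_attribute=False, naive_dn_matching=False))
```

The default AD filter excludes the contact (no sAMAccountName) and the computer account; resolving Alice's groups through the group's member attribute finds nothing under naive matching but succeeds once the DN is parsed, which is why the setting is only safe on servers that return DNs in a consistent form.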
Diagrams of Some Possible Configurations

Diagram above: JIRA connecting to an LDAP directory.

Diagram above: JIRA connecting to an LDAP directory with permissions set to read only and local
groups.

Question Backup and restore all files in a domain

Answer Introduction

This document will explain how to protect your servers and data using Backup.
Backup helps to protect data from accidental loss if your server's hardware or storage media fails. If the
original data on your hard disk is accidentally erased or overwritten, or becomes inaccessible because of a
hard disk malfunction, you can easily restore the data from the archived copy.
The tasks that are covered in this document are:
 Creating an Emergency Repair Disk (ERD). The estimated time to complete this task is 5 minutes
or longer.
 Backing up your file and print servers and then archiving the data. The estimated time to
complete this task is 10 minutes. It will take longer if you have a large amount of data you are
backing up.
 Restoring files from Backup. The estimated time to complete this task is 5 minutes.
 Restoring your system files using an Emergency Repair Disk. The estimated time to complete this
task is 5 minutes.
When the tasks listed above are performed, your server is better protected from accidental data loss or
hardware malfunction.
IMPORTANT: All the step-by-step instructions included in this document were developed by using the
Start menu that appears by default when you install your operating system. If you have modified your
Start menu, the steps might differ slightly.

Before You Begin

The recommendations in this document are only for file and print servers running Microsoft Windows
2000 Server. The following sections cover the options that you should consider before creating backups
of your servers.

Select a Type of Backup Storage

The backup storage can be a hard disk drive or a separate storage device such as a tape drive.
Backing up to a tape is preferable because you can create a backup and store the tape in a different
location from the computer. This protects against hard disk failure as well as loss from a fire or other
catastrophic event.
If you choose to back up to a hard disk, make sure that it is a hard disk separate from your primary hard
disk in case your primary hard disk fails. Backing up to a hard disk drive is convenient, but does not
protect against a catastrophic event.

Select a Schedule

It is best to perform backups late at night, on weekends, or whenever the server is not being used. You
can back up files that are open or in use; however, Backup may skip over some files that are held open by
other processes. It is a good practice to close your applications while Backup is running to minimize the
number of files that are not backed up.
You should schedule a weekly normal backup of all of your data, including the System State data for the
server. A normal backup will copy all the files you select and mark each file as having been backed up. In
addition, we recommend you schedule a weekly differential backup that is run on the days of the week the
normal backup is not run. A differential backup copies files that have been created or changed since the
last normal backup (the "differences"). It does not mark files as having been backed up so the changed
file will also be backed up as part of the next normal backup. A differential backup takes less time than a
normal backup. If you are performing a combination of normal and differential backups, restoring data
requires that you have the last normal as well as the last differential backup. The system state data for the
server includes a collection of system-specific data maintained by the operating system that must be
backed up as a unit. It is not a backup of the entire system. The system state data includes the registry,
COM+ Class Registration database, system files, boot files, and files under Windows File Protection.
Also, you should make sure to back up any encryption keys that you have. For information on encryption
keys, see the Microsoft Web site at
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/. On the left pane of the Web
site, click Windows 2000 Server Distributed Systems Guide, click Part 2 - Distributed Security, and then
click Chapter 15 - Encrypting File System.
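The interaction between a weekly normal backup and daily differential backups comes down to the per-file "backed up" mark (the archive attribute) that a normal backup clears and a differential leaves set. The following is an added model of that behaviour, not Microsoft Backup itself; the file names, the week's change history and the open-file handling are constructed here.

```python
class Volume:
    """Files on a managed volume. Each file carries an archive mark: set when the
    file is created or changed, cleared only when a normal backup copies it."""
    def __init__(self):
        self.files = {}      # name -> content
        self.marked = set()  # files changed since the last normal backup

    def write(self, name, content):
        self.files[name] = content
        self.marked.add(name)


def normal_backup(vol, open_files=()):
    """Copy every selected file and clear its archive mark. Files held open by
    other processes are skipped (as the text warns Backup may do); their marks
    stay set so the next backup picks them up."""
    copied = {n: c for n, c in vol.files.items() if n not in open_files}
    vol.marked -= set(copied)
    return copied


def differential_backup(vol, open_files=()):
    """Copy only files changed since the last normal backup and leave their marks
    alone, so they reappear in the next differential and in the next normal."""
    return {n: vol.files[n] for n in sorted(vol.marked) if n not in open_files}


def restore(normal_set, differential_set):
    """Recover the volume from the last normal backup overlaid with the last
    differential; intermediate differentials are not needed."""
    restored = dict(normal_set)
    restored.update(differential_set)
    return restored


def week_simulation():
    """Constructed week: Sunday normal backup, then differentials on Monday and Tuesday."""
    vol = Volume()
    for name in ("payroll.xls", "policy.doc", "minutes.txt"):
        vol.write(name, name + " v1")
    sunday_normal = normal_backup(vol)        # all three files; marks cleared
    vol.write("payroll.xls", "payroll.xls v2")
    monday_diff = differential_backup(vol)    # payroll.xls only
    vol.write("policy.doc", "policy.doc v2")
    vol.write("report.pdf", "report.pdf v1")
    tuesday_diff = differential_backup(vol)   # payroll.xls again, plus Tuesday's changes
    return vol, sunday_normal, monday_diff, tuesday_diff


if __name__ == "__main__":
    vol, sunday, monday, tuesday = week_simulation()
    print("Monday differential: ", sorted(monday))
    print("Tuesday differential:", sorted(tuesday))
    print("Sunday normal + Tuesday differential restores everything:",
          restore(sunday, tuesday) == vol.files)
```

Because Tuesday's differential still contains Monday's change, the last normal plus the last differential is sufficient for a full restore, which is the rule stated in the text.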

Backup Permissions

Certain permissions and user rights are required to back up files and folders. As part of scheduling
backups, you will be asked for information about who is running the backup. If you are a member of the
Administrators or Backup Operators group on the local computer, you can back up any file and folder on
the local computer to which the local group applies. If you are a member of the Administrators or Backup
Operators group on a domain controller, you can only back up data on the domain controller and cannot
back up data on other computers in the domain unless the Built-in Administrators group is added to the
Domain Admins group or the Built-in Backup Operators group is added to the local Backup Operators
group of a computer joining the domain.
If you are not a member of the Backup Operators group for the domain, and you want to back up files,
then you must be the owner of the files and folders that you want to back up, or you must have one or
more of the following permissions for the files and folders you want to back up: Read, Read & Execute,
Modify, or Full Control.

Creating an Emergency Repair Disk

In addition to regular backups of your data, you should use Backup to create an Emergency Repair Disk
(ERD) when you first place your server into production and again before and after any major changes to
the system such as software and hardware upgrades. An ERD contains a backup of your operating system
files and a bootable floppy disk that can be used to start your computer if it will not start normally. Before
creating an ERD, make sure that you have a 3.5-inch floppy disk available to make the boot disk.
Another method of repairing your system is to use the Recovery Console. This method is recommended
only if you are an advanced user who can use basic commands to identify and locate problem drivers and
files. In addition, you will need the password for the built-in administrator account to use the Recovery
Console. For more information, see "Checklist: Recovering a system that will not start" on the Microsoft
TechNet Web site at http://go.microsoft.com/fwlink/?LinkId=22449.

Backing Up Your Servers

The following section describes the step-by-step procedures for:
 Creating an Emergency Repair Disk (ERD)
 Backing up your file and print servers

Creating an Emergency Repair Disk

You should use Backup to create an Emergency Repair Disk (ERD) when you first place your server into
production and again before and after any major changes to the system such as software and hardware
upgrades. An ERD is used as a last resort in system recovery, only after you have exhausted other options
such as the startup options Safe Mode and Last Known Good Configuration.

Requirements

 To perform this procedure, you must be a member of either the Administrators or Backup
Operators group on the local computer, or you must have been delegated the appropriate
authority. If the computer is joined to a domain, members of the Domain Admins group will be
able to perform this procedure.
 The tool required to complete this step is Backup. You will also need a blank 1.44 MB floppy
disk to create an Emergency Repair Disk (ERD).
Note: Screenshots in this document reflect a test environment. The domain and server names in
your environment might differ slightly from the ones shown in these screenshots.
To create an Emergency Repair Disk (ERD)
1. Click Start, click Run, type ntbackup, and then click OK.
2. The Backup Utility will appear. Click Emergency Repair Disk.
3. When the Emergency Repair Diskette screen appears, follow the directions and insert a 1.44
megabyte (MB) floppy disk into drive A, and then click OK.
Choosing Also back up the registry to the repair directory will save your current registry files
to a folder within the systemroot\repair folder. This is useful if you need to recover your system in
the event your hard disk has failed.
4. When the Emergency Repair Diskette screen appears letting you know you can remove the
floppy disk, make sure you label the disk with the information given.
5. Store the floppy disk in a safe place near the computer. This disk can be used along with your
installation CD to start and restore the computer.
Note: The repair process relies on information that is saved in the systemroot\repair folder. You
must not change or delete this folder.

Backing Up Your File and Print Servers

To protect your servers, you should schedule regular backups of all of the data. We recommend that you
schedule a weekly normal backup of all of your data, including the System State data for the server. A
normal backup will copy all the files you select and mark each file as having been backed up. In addition,
we recommend you schedule a weekly differential backup. A differential backup copies files that have
been created or changed since the last normal backup (the "differences").
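The weekly cycle described here and in the opening "Backing Up" paragraph (normal backup marks files as backed up, differential copies only what changed since the last normal and leaves the mark, so a restore needs the last normal plus the last differential) can be seen directly in a small model. This is an added example, not part of the lab text or of Microsoft's Backup utility; the file paths and contents are constructed.

```python
"""Model of the normal/differential scheme described above (an added
example, not part of the lab text or Microsoft's Backup utility). A normal
backup copies every selected file and marks it as backed up (clears its
archive attribute); a differential backup copies only files changed since
the last normal backup and leaves the mark alone, so restoring needs the
last normal set plus the last differential set. File paths and contents
are constructed for the demonstration."""

from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class File:
    content: str
    archive: bool = True  # the OS sets this whenever the file is written


@dataclass
class BackupSet:
    kind: str              # "normal" or "differential"
    files: Dict[str, str]  # path -> content copied into this set


class Volume:
    """A tiny in-memory volume; every write sets the archive attribute."""

    def __init__(self, files: Dict[str, str]):
        self.files = {p: File(c) for p, c in files.items()}

    def write(self, path: str, content: str) -> None:
        self.files[path] = File(content, archive=True)


def normal_backup(vol: Volume) -> BackupSet:
    """Copy every file and mark each one as backed up."""
    copied = {}
    for path, f in vol.files.items():
        copied[path] = f.content
        f.archive = False
    return BackupSet("normal", copied)


def differential_backup(vol: Volume) -> BackupSet:
    """Copy only files changed since the last normal backup. The archive
    attribute is left set, so the same files are copied again by the next
    differential and by the next normal backup."""
    copied = {p: f.content for p, f in vol.files.items() if f.archive}
    return BackupSet("differential", copied)


def restore(history: List[BackupSet]) -> Dict[str, str]:
    """Rebuild the data from the last normal set plus the last differential
    set taken after it. Earlier differentials are redundant because each
    one already holds everything changed since that normal backup."""
    normals = [i for i, b in enumerate(history) if b.kind == "normal"]
    if not normals:
        raise ValueError("cannot restore without a normal backup")
    data = dict(history[normals[-1]].files)
    diffs = [b for b in history[normals[-1] + 1:] if b.kind == "differential"]
    if diffs:
        data.update(diffs[-1].files)
    return data


def weekly_cycle() -> Tuple[Dict[str, str], List[int]]:
    """Sunday normal backup, differentials on the following days, with
    edits in between. Returns the data restored after Wednesday and the
    number of files in each set, which shows that a differential set keeps
    growing until the next normal backup resets it."""
    vol = Volume({r"C:\data\a.txt": "a1", r"C:\data\b.txt": "b1",
                  r"C:\data\c.txt": "c1"})
    history = [normal_backup(vol)]             # Sunday: 3 files, marks cleared
    vol.write(r"C:\data\a.txt", "a2")          # Monday edit
    history.append(differential_backup(vol))   # Monday: a.txt only
    history.append(differential_backup(vol))   # Tuesday: a.txt again (no edits)
    vol.write(r"C:\data\d.txt", "d1")          # Wednesday: new file
    history.append(differential_backup(vol))   # Wednesday: a.txt and d.txt
    sizes = [len(b.files) for b in history]    # [3, 1, 1, 2]
    return restore(history), sizes


if __name__ == "__main__":
    restored, sizes = weekly_cycle()
    print("files per set:", sizes)
    for path, content in sorted(restored.items()):
        print(path, "->", content)
```

The model does not track deletions: a file removed after the normal backup comes back on restore, which is also how a plain file-level restore of these sets behaves.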

Requirements

 To perform this procedure, you must be a member of either the Administrators or Backup
Operators group on the local computer, or you must have been delegated the appropriate
authority. If the computer is joined to a domain, members of the Domain Admins group will be
able to perform this procedure.
 The tool required to complete this step is Backup.
To schedule a weekly normal backup
1. Click Start, click Run, type ntbackup, and then click OK.
2. The Backup Utility will appear. Click Backup Wizard, and then click Next to continue.
3. In the Backup Wizard, on the What to Back Up page, click Back up selected files, drives, or
network data, and then click Next.
To include all data on your computer in the scheduled backup, click Backup everything on my
computer.
4. On the Items to Back Up page, click the items to expand their contents. Select the System State
check box and select other check boxes for any drives or folders that contain data that should be
backed up on a regular basis, and then click Next.
5. On the Where to Store the Backup page, click the drop-down menu or click Browse to choose a
location to save your backup. In Backup media or file name, type a descriptive name for the
backup, and then click Next.

6. On the Completing the Backup Wizard page, click Advanced.


7. On the Type of Backup page, in the drop-down menu, click Normal, and then click Next.

8. On the How to Back Up page, select the Verify data after backup check box, and then click
Next.
9. On the Media Options page, ensure the Append this backup to the media option is selected,
and then click Next.

10. On the Backup Label page, accept the default label shown or type a different label, and then
click Next to continue.

11. On the When to Back Up page, click Later to schedule the backup for a later time.
12. In the Set Account Information dialog box, in Run as, type the domain or workgroup and user
name of the account that is authorized to perform backup and restore operations. Use the format
domain\username or workgroup\username. In Password, type the password for the user account.
Retype the password in Confirm password, and then click OK.

You need to update the password specified in the scheduled task anytime the account's password
changes or expires to ensure the backup job runs as scheduled.
13. In Schedule entry, type a descriptive name in Job name, and then click Set Schedule.
14. In the Schedule Job dialog box, in Schedule Task, click Weekly in the drop-down menu.
15. In Start time, use the up and down arrows to select the appropriate time for the backup to start.
Click Advanced to specify a start date and an end date for the scheduled task or to specify
whether the scheduled task runs repeatedly at a particular interval.
16. In Schedule Task Weekly, select one or more days when you would like to have a backup
created, and then click OK.
17. On the When to Back Up page, click Next.
18. On the Completing the Backup Wizard page, confirm the settings, and then click Finish.
Notes: We recommend creating a summary backup log which, when regularly reviewed, will help
ensure that the backup was successfully completed. To do this, click the Tools menu, and then
click Options. On the Backup Log tab, select Summary.
If it's determined that the backup is not occurring, review the status of the scheduled task for
possible reasons. To review scheduled tasks, click Start, point to Settings, click Control Panel,
and then double-click Scheduled Tasks.
To schedule a weekly differential backup
1. Click Start, click Run, type ntbackup, and then click OK.
2. The Backup Utility will appear. Click Backup Wizard, and then click Next to continue.
3. In the Backup Wizard, on the What to Back Up page, click Back up selected files, drives, or
network data, and then click Next.
4. On the Items to Back Up page, click the items to expand their contents. Select the System State
check box and select other check boxes for any drives or folders that contain data that should be
backed up on a regular basis, and then click Next.

5. On the Where to Store the Backup page, click the drop-down menu or click Browse to choose a
location to save your backup. In Backup media or file name, type a descriptive name for the
backup, and then click Next.
6. On the Completing the Backup Wizard page, click Advanced.


7. On the Type of Backup page, in Select the type of backup, click Differential, and then click
Next.

8. On the How to Back Up page, select the Verify data after backup check box, and then click
Next.

9. On the Media Options page, ensure the Append this backup to the media option is selected,
and then click Next.
10. On the Backup Label page, accept the default label shown or type a different label, and then
click Next to continue.

11. On the When to Back Up page, click Later to schedule the backup for a later time.
12. In the Set Account Information dialog box, in Run as, type the domain or workgroup and user
name of the account which is authorized to perform backup and restore operations. Use the
format domain\username or workgroup\username. In Password, type the password for the user
account. Retype the password in Confirm password, and then click OK.
You need to update the password specified in the scheduled task anytime the account's password
changes or expires to ensure the backup job runs as scheduled.
13. In Schedule entry, type a descriptive name in Job name, and then click Set Schedule.
14. In the Schedule Job dialog box, in Schedule Task, click Weekly in the drop-down menu.

15. In Start time, use the up and down arrows to select the appropriate time for the backup to start,
and then, in Schedule Task Weekly, select the days you want the differential backup to run each
week. It is recommended that you schedule a differential backup on the days that a normal
backup is not run. Click Advanced to specify a start date and an end date for the scheduled task
or to specify whether the scheduled task runs repeatedly at a particular interval. Click OK when
finished.
16. On the When to Back Up page, click Next.
17. On the Completing the Backup Wizard page, confirm your settings, and then click Finish.
Notes: We recommend creating a summary backup log which, when regularly reviewed, will help
ensure that the backup was successfully completed. To do this, click the Tools menu, and then
click Options. On the Backup Log tab, select Summary.
If it's determined that the backup is not occurring, review the status of the scheduled task for
possible reasons. To review scheduled tasks, click Start, point to Settings, click Control Panel,
and then double-click Scheduled Tasks.

Verifying Data After Backup Is Complete

You can compare the backed-up data and the original data on your hard disk to be sure that the data is the
same. It is recommended that you only verify backups of data files; system backups are difficult to verify
due to the large number of changes that happen to system files on a continual basis. Some data files that
were in use during the backup might also cause verification errors, but you can generally ignore these
errors. If there are a large number of verification errors, there may be a problem with the media or the file
you are using to back up data. If this occurs, use different media or designate another file and run the
backup operation again.
To verify data after backup, in the Backup Utility, on the How to Back Up page, select the Verify data
after backup check box.
Note: Selecting this option might substantially increase the time it takes to perform a backup.

Restoring Data from Backup

There are several ways to restore your server depending on what files need to be restored and whether
your system will start normally. The following procedures are covered in this section:
 Restoring files from Backup
 Restoring your system files using an Emergency Repair Disk (ERD)

Restoring Files from Backup

If the original data on your hard disk is accidentally erased or overwritten, or becomes inaccessible
because of a hard disk malfunction, the data may be restored from the backup copy.

Requirements

 To perform this procedure, you must be a member of either the Administrators or Backup
Operators group on the local computer, or you must have been delegated the appropriate
authority. If the computer is joined to a domain, members of the Domain Admins group will be
able to perform this procedure.
 The tool required to complete this step is Backup. If you are performing a combination of normal
and differential backups, restoring files and folders requires that you have the last normal as well
as the last differential backup.
To restore files from backup
1. Click Start, click Run, type ntbackup, and then click OK.
2. The Backup Utility will appear. Click Restore Wizard, and then click Next.
3. On the What to Restore page, select the files and folders you want to restore, and then click
Next.
4. On the Completing the Restore Wizard page, click Advanced.
5. On the Where to Restore page, in the Restore files to dropdown list, do one of the following:
o Click Original location if you want the backed up files and folders to be restored to the
folder or folders they were in when they were backed up.
o Click Alternate location if you want the backed up files and folders to be restored to a
location you designate. This option will preserve the folder structure of the backed up
data; all folders and subfolders will appear in the alternate folder you designate.
o Click Single folder if you want the backed up files and folders to be restored to a
location you designate. This option will not preserve the folder structure of the backed up
data; the files will appear only in the alternate folder you designate.
If you select Alternate location or Single folder, type a path for the folder under Alternate
location, or click Browse to search for the folder. Click Next to continue.
6. On the How to Restore page, do one of the following:
o Click Do not replace the file on my computer if you do not want the restore operation
to copy over files that are already on your hard disk.
o Click Replace the file on disk only if the file on disk is older if you want the restore
operation to replace older files on your disk with newer files from your backup.
o Click Always replace the file on my computer if you want the restore operation to
replace files on your disk regardless of whether the backup files are newer or older.
Click Next to continue.
7. On the Advanced Restore Options page, you have the option to change any of the special
restore options, such as restoring security settings, the Removable Storage database, and junction
point data.
o Click Restore security if you want to restore the security settings for the files and folders
you are restoring. Security settings include access permissions, audit entries, and
ownership. This option is available only if you have backed up data from an NTFS
volume used in Windows 2000 and you are restoring it to an NTFS volume used in
Windows 2000.
o Click Restore Removable Storage database if you want to restore the Removable
Storage database, which is located in systemroot\system32\ntmsdata. The Removable
Storage database is automatically backed up whenever you back up your systemroot
folder. If you do not use Removable Storage to manage media, you do not need to choose
this option. This will erase the existing Removable Storage database in your systemroot
folder.
o Click Restore junction points, not the folders and file data they reference if you want
to restore junction points on your hard disk as well as the data that the junction points
point to. If you do not select this check box, the junction points will be restored but the
data your junction points point to may not be accessible.
If you have used the linkd command to create junction points, and you want to restore
the junction points and the data to which the junction points point, you must select this
check box. Also, if you are restoring a mounted drive, and you want to restore the data
that is on the mounted drive, you must select this check box. If you do not select this
check box, you will only restore the folder containing the mounted drive.
8. Click Next to continue.
9. On the Completing the Restore Wizard page, verify the settings and click Finish.

Restoring your System Files using an Emergency Repair Disk

Requirements

 The tools required to complete this step are your previously created Emergency Repair Disk
(ERD) and the original Windows 2000 Server installation CD.
To use an Emergency Repair Disk for system repairs
1. Insert the Windows 2000 Setup compact disc (CD), or the first floppy disk you created from the
CD, in the appropriate drive:
o For systems that cannot start (boot) from the CD drive, you must use a floppy disk.
o For systems that can start (boot) from the CD drive, you can use either the CD or a floppy
disk.
2. Restart the computer, and if using floppy disks, respond to the prompts that request each floppy
disk in turn.
3. When the text-based part of Setup begins, follow the prompts; choose the repair or recover option
by pressing R.
4. When prompted, insert the Windows 2000 Setup CD in the appropriate drive.
5. When prompted, choose the emergency repair process by pressing R.
6. When prompted, choose between the following:
o Manual Repair (press M): This should be used only by advanced users or administrators.
Use this option to choose whether you want to repair system files, partition-boot sector
problems, or startup environment problems.
o Fast Repair (press F): This is the easiest option, and does not require input. This option
will attempt to repair problems related to system files, the partition boot sector on your
system disk, and your startup environment (if you have a dual-boot or multiple-boot
system).
7. Follow the instructions on the screen and, when prompted, insert the Emergency Repair Disk in
the appropriate drive.
During the repair process, missing or corrupted files are replaced with files from the Windows
2000 CD or from the systemroot\Repair folder on the system partition. Replacement files from
either of these sources will not reflect any configuration changes made after setup.
8. Follow the instructions on the screen; you might want to write down the names of files that are
detected as faulty or incorrect, to help you diagnose how the system was damaged.
9. If the repair was successful, allow the process to complete; it will restart the computer.
When the computer restarts, it indicates that the replacement files were successfully copied to the
hard disk.
Note: Because of the potential impact on data that has been backed up, the emergency repair process is
recommended for use only by advanced users or administrators.

Session 10 Windows 2000 Troubleshooting


Question 1 Recover a Windows 2000 server that does not start

Answer Run the Recovery Console on a Computer that Does Not Start
NOTE: You must be logged on as an administrator or a member of the Administrators group to complete
the following procedure. Also, if your computer is connected to a network, network policy settings may
prevent you from completing this procedure.

To run the Recovery Console on a computer that does not start:


1. Insert the Windows 2000 Server Setup Disk 1 floppy disk into your disk drive, or, if you have a
bootable CD-ROM drive, you can instead insert the Windows 2000 Server CD-ROM into your CD-ROM
drive.
2. Restart your computer.
3. Follow the directions that are displayed on the screen. If you are using the Setup disks, you are
prompted to insert the other Setup disks into the disk drive. It may take several minutes to load
files. Select the appropriate options to repair your Windows 2000 installation and to start the
Recovery Console.
4. Once in the Recovery Console, type HELP, and then press ENTER to see a list of commands.

NOTE: As an alternative, you can install the Recovery Console on your computer so it is always
available. See the "Precautionary Measures" section of this article for information about how to
install the Recovery Console on a working computer.

How to Remove the Recovery Console


As a precaution, you should not normally remove the Recovery Console. However, if you want to
remove the Recovery Console, you must do so manually.

To remove the Recovery Console:

1. Restart your computer, double-click My Computer, and then double-click the hard disk on which
you installed the Recovery Console. On the Tools menu, click Folder Options, and then click the
View tab.
2. If needed, click Show hidden files and folders, click to clear the Hide protected operating
system files check box, and then click OK.
3. Delete the Cmdcons folder from the root folder, and then delete the Cmldr file.
4. In the root folder, right-click the Boot.ini file, and then click Properties. Click to clear the
Read-only check box, and then click OK.
5. NOTE: If you incorrectly modify the Boot.ini file, your computer may not start correctly. Because
of this, only delete the entry for the Recovery Console from the Boot.ini file.

Use a text editor (such as Notepad) to open the Boot.ini file, and then remove the entry for the
Recovery Console. The entry should look similar to this entry:
C:\cmdcons\bootsect.dat="Microsoft Windows 2000 Recovery Console" /cmdcons
Save the file and close it.

NOTE: You should now change the attribute for the Boot.ini file back to read-only.

Precautionary Measures

How to Install the Recovery Console as a Startup Console


It may be useful to install the Recovery Console on a computer that is functioning properly so that it is
available for use after a system failure. This precautionary measure can save time should you have to
use the Recovery Console.

NOTE: You must be logged on as an administrator or a member of the Administrators group to complete
the following procedure. Also, if your computer is connected to a network, network policy settings may
prevent you from completing this procedure.

To install the Recovery Console as a startup option:


1. While Windows is running, insert the Windows 2000 Professional CD-ROM into your CD-ROM
drive.
2. When you are prompted to upgrade to Windows 2000, click No.
3. At the command prompt, switch to your CD-ROM drive, type \i386\winnt32.exe /cmdcons, and
then press ENTER.
4. Follow the instructions on the screen. To use the Windows 2000 Recovery Console, restart your
computer, and then select Windows 2000 Recovery console from the Startup menu.

How to Create an Emergency Repair Disk


You can also use a Windows 2000 Emergency Repair Disk (ERD) to fix problems that prevent your
computer from starting. It may be useful to prepare an ERD when your computer is functioning well, so
you can be prepared to use it if you need to repair system files. To start a computer that needs repair,
use the Windows 2000 Setup CD-ROM or floppy disks you created from the CD-ROM and choose the
Repair method to utilize the ERD. The repairs that are possible with this method are limited to basic
system files, the partition boot sector, and the startup environment. The repair process does not
recover the registry.

NOTE: The ERD does not back up data or programs, and is not a replacement for regularly backing up
your computer. To replace registry files, use the Recovery Console.

Note that the repair process relies on information that is saved in the SystemRoot\Repair folder. You
must not change or delete this folder. If you also back up the registry to the Repair folder, you can save
your current registry files in a folder within your SystemRoot\Repair folder. This is useful if you must
recover your system in the event that your hard disk fails.

To create an ERD:
1. Click Start, point to Programs, point to Accessories, point to System Tools, and then click
Backup.
2. On the Tools menu, click Create an Emergency Repair Disk.
3. Follow the instructions that appear on your screen.
Question 2 Troubleshoot the "NTLDR is missing" error message on a machine

Answer How to Troubleshoot the "NTLDR Is Missing" Error Message


When you start your Windows 2000-based computer, you may receive the following error message:
NTLDR is missing
Press any key to restart
This problem may occur if the basic input/output system (BIOS) on your computer is outdated, or if one
or more of the following Windows boot files are missing or damaged:
Ntldr
Ntdetect.com
Boot.ini
To resolve this issue, verify that the BIOS on your computer is current, and then use one or more of the
following methods, as appropriate to your situation, to repair the Windows 2000 startup environment.

IMPORTANT: Microsoft recommends that you fully back up your data on a regular basis. This is the best
defense against data loss, and it must be a part of any disaster recovery plan.

Verify That the BIOS on the Computer Is Current


Make sure that the latest revision for BIOS is installed on the computer. Contact the computer
manufacturer to inquire about how to obtain, and then install the latest BIOS update that is available for
the computer.

For information about how to configure and how to verify the correct BIOS settings for the computer,
see the computer documentation or contact the manufacturer of the computer. For more information
about how to contact BIOS manufacturers, click the following article numbers to view the articles in the
Microsoft Knowledge Base:
243909 List of BIOS manufacturer Web sites Part 1
243971 List of BIOS manufacturer Web sites Part 2
To repair the Windows startup environment, use one or more of the following methods, as appropriate
to your situation.

Method 1: Use a Boot Disk to Start the Computer

1. Create a Windows 2000 boot disk that contains the following files:
Ntldr
Ntdetect.com
Boot.ini
Ntbootdd.sys
For more information about how to create a boot disk, click the following article numbers to
view the articles in the Microsoft Knowledge Base:
301680 How to create a boot disk for an NTFS or FAT partition in Windows
101668 How to use a Windows boot disk to prevent boot failure
2. Modify the Boot.ini file to point to the correct hard disk controller and to the correct volume for
your Windows installation. For more information about how to create a boot disk, click the
following article number to view the article in the Microsoft Knowledge Base:
311578 How to edit the Boot.ini file in Windows 2000
3. Insert the boot disk into the computer's floppy disk drive, and then restart the computer.
4. Copy the Ntldr file, the Ntdetect.com file, and the Boot.ini file from the boot disk to the system
partition of the local hard disk.

Method 2: Use the Recovery Console

1. Use the Windows 2000 Setup disks to restart the computer, or use the Windows 2000 CD-ROM
to restart the computer.
2. At the Welcome to Setup screen, press R to repair the Windows 2000 installation.
3. Press C to repair the Windows 2000 installation by using the Recovery Console.
4. Type the number that corresponds to the Windows installation that you want to repair, and
then press ENTER. For example, type 1, and then press ENTER. For more information, click the
following article number to view the article in the Microsoft Knowledge Base:
229716 Description of the Windows Recovery Console
5. Type the Administrator password, and then press ENTER.
6. Type map, and then press ENTER. Note the drive letter that is assigned to the CD-ROM drive that
contains the Windows 2000 CD-ROM.
7. Type the following commands, pressing ENTER after you type each one, where drive is the drive
letter that you noted in step 6 of "Method 2: Use the Recovery Console," of this article:
copy drive:\i386\ntldr c:\
copy drive:\i386\ntdetect.com c:\
If you are prompted to overwrite the file, type y, and then press ENTER.

NOTE: In these commands, there is a space between the ntldr and c:\, and between
ntdetect.com and c:\.
8. Type the following command, and then press ENTER:
type c:\Boot.ini
A list similar to the following list appears:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT

[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
If you receive the following message, the Boot.ini file may be missing or damaged:

The system cannot find the file or directory specified.


9. If the Boot.ini file is missing or damaged, create a new one. To do so, follow these steps:
a. Use a text editor, such as Notepad or Edit.com, to create a boot loader file similar to the
following boot loader file:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT

[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect

For more information, click the following article numbers to view the articles in the
Microsoft Knowledge Base:
102873 Boot.ini and ARC path naming conventions and usage
301680 How to create a boot disk for an NTFS or FAT partition in Windows
b. Save the file to a floppy disk as Boot.ini.

NOTE: If you used Notepad to create the file, make sure that the .txt extension is not
appended to the Boot.ini file name.
c. Type the following command at the Recovery Console command prompt to copy the
Boot.ini file from the floppy disk to the computer:
copy a:\Boot.ini c:\
Type exit, and then press ENTER. The computer restarts.
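
A hand-written Boot.ini is easy to get subtly wrong (a default that names no entry, a typo in the ARC path), and the same file is edited again when the Recovery Console entry is removed in Session 10. The following parser and checker is an added example, not from the lab text or the Microsoft article it quotes; the sample Boot.ini it works on is constructed, combining the boot loader shown above with the /cmdcons entry quoted in the Recovery Console removal steps.

```python
"""Parser and sanity checks for a Windows 2000 Boot.ini (an added example,
not from the lab text or the Microsoft article it quotes). It checks what
the repair steps above depend on: that the [boot loader] default names an
entry in [operating systems], and that every entry path is either an ARC
path such as multi(0)disk(0)rdisk(0)partition(1)\\WINNT or a drive-letter
path such as the Recovery Console's C:\\cmdcons\\bootsect.dat. It also
removes the /cmdcons entry, as the "remove the Recovery Console" steps do.
The sample file below is constructed for the demonstration."""

import re
from typing import Dict, List, Tuple

# ARC naming: multi(n)|scsi(n)|signature(hex) disk(n) rdisk(n) partition(n)\folder
ARC_PATH = re.compile(
    r"^(multi|scsi|signature)\([0-9a-fA-F]+\)disk\(\d+\)rdisk\(\d+\)"
    r"partition\(\d+\)\\[^\s\"]+$", re.IGNORECASE)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\[^\s\"]+$")
ENTRY = re.compile(r'^(?P<path>[^=\s]+)="(?P<name>[^"]*)"(?P<opts>.*)$')

Entry = Tuple[str, str, List[str]]  # (path, display name, switches)


def parse_boot_ini(text: str) -> Dict[str, object]:
    """Return {"timeout": str|None, "default": str|None, "entries": [Entry]}."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections[current] = []
            continue
        if current is None:
            raise ValueError(f"line outside any section: {raw!r}")
        sections[current].append(line)

    loader: Dict[str, str] = {}
    for line in sections.get("boot loader", []):
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"bad [boot loader] line: {line!r}")
        loader[key.strip().lower()] = value.strip()

    entries: List[Entry] = []
    for line in sections.get("operating systems", []):
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"bad [operating systems] entry: {line!r}")
        entries.append((m["path"], m["name"], m["opts"].split()))
    return {"timeout": loader.get("timeout"),
            "default": loader.get("default"), "entries": entries}


def check_boot_ini(cfg: Dict[str, object]) -> List[str]:
    """Return a list of problems; an empty list means the file looks usable."""
    problems: List[str] = []
    timeout, default, entries = cfg["timeout"], cfg["default"], cfg["entries"]
    if timeout is None or not str(timeout).lstrip("-").isdigit():
        problems.append("timeout is missing or not a number")
    paths = [p for p, _, _ in entries]
    if not paths:
        problems.append("no entries under [operating systems]")
    if default is None:
        problems.append("default is missing from [boot loader]")
    elif str(default).lower() not in [p.lower() for p in paths]:
        problems.append(f"default {default} matches no [operating systems] entry")
    for p in paths:
        if not (ARC_PATH.match(p) or DRIVE_PATH.match(p)):
            problems.append(f"entry path is neither an ARC nor a drive path: {p}")
    return problems


def remove_cmdcons_entry(text: str) -> str:
    """Drop the Recovery Console line (the one carrying /cmdcons). Refuses if
    that line is the default, since the file would then point at nothing."""
    cfg = parse_boot_ini(text)
    for path, _, opts in cfg["entries"]:
        if "/cmdcons" in [o.lower() for o in opts] and \
                path.lower() == str(cfg["default"]).lower():
            raise ValueError("Recovery Console entry is the default; change default first")
    kept = [l for l in text.splitlines() if "/cmdcons" not in l.lower()]
    return "\n".join(kept) + "\n"


# Constructed sample: one Windows entry plus the Recovery Console entry.
SAMPLE = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT

[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Server" /fastdetect
C:\cmdcons\bootsect.dat="Microsoft Windows 2000 Recovery Console" /cmdcons
"""

if __name__ == "__main__":
    cfg = parse_boot_ini(SAMPLE)
    print("problems:", check_boot_ini(cfg) or "none")
    print(remove_cmdcons_entry(SAMPLE))
```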

Method 3: Use the Windows 2000 CD-ROM

1. Insert the Windows 2000 CD-ROM into the computer's CD-ROM drive or DVD-ROM drive, and
start Windows 2000 Setup.
2. On the Welcome to Setup page, press R.
3. On the Windows 2000 Repair Options page, press R.
4. When you are prompted to select one of the repair options, press M.
5. Press the UP ARROW, press the UP ARROW again to select Verify Windows 2000 system files,
and then press ENTER to clear the selection.
6. Press the DOWN ARROW to select Continue (perform selected tasks), and then press ENTER.
The following message appears:
You need an Emergency Repair disk for the Windows 2000
installation you want to repair.

7. Do one of the following, as appropriate to your situation:


o If you have an Emergency Repair Disk, follow these steps:
a. Press ENTER.
b. Insert the Emergency Repair Disk into the computer's floppy disk drive, and then
press ENTER.
c. Follow the instructions to repair the installation, and then restart the computer.
-or-
o If you do not have an Emergency Repair Disk, follow these steps:
a. Press L. You receive a message similar to the following:
Setup has found Windows 2000 in the following folder:
drive:\WINNT "Microsoft Windows 2000"
b. Press ENTER.

Setup examines the disks, and then completes the repair process.
For more information about the emergency repair feature, click the following article number to
view the article in the Microsoft Knowledge Base:
231777 How to create an Emergency Repair Disk in Windows 2000

If Setup Cannot Locate Windows 2000


If you do not have a Windows 2000 Emergency Repair Disk, and if Setup cannot locate the Windows
2000 installation, follow these steps:
1. Start Windows 2000 Setup.
2. On the Setup will install Windows 2000 on partition page, select Leave the current file system
intact (no changes), and then press ENTER.
3. Press ESC to install Windows 2000 to a new folder.
4. In the Select the folder in which the files should be copied box, type \tempwin, and then press
ENTER.

Setup installs a new copy of Windows 2000.


5. Log on to the new copy of Windows 2000.
6. Click Start, and then click Run.
7. In the Open box, type cmd, and then click OK.
8. At the command prompt, type drive:, where drive is the boot drive of the computer, and then
press ENTER. For example, type c:, and then press ENTER.
9. Type attrib -h -r -s Boot.ini, and then press ENTER.
10. Type edit Boot.ini, and then press ENTER.

Edit.com opens a Boot.ini file that is similar to the following file:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\TEMPWIN
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\TEMPWIN="Microsoft Windows 2000 Professional" /fastdetect

11. Replace all instances of TEMPWIN with WINNT. The Boot.ini file that appears is similar to the
following file:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
12. Press ALT+F, and then press S.
13. Press ALT+F, and then press X.
14. Type attrib +h +r +s Boot.ini, and then press ENTER.
15. Type exit to quit the command prompt.
16. Restart the computer.
17. At the Please select the operating system to start screen, use the ARROW keys to select
Microsoft Windows 2000, and then press ENTER.
18. Start Windows Explorer, locate the following folders, and then delete them:
Tempwin
All Users.Tempwin
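The Boot.ini check in step 9 of Method 2 and the TEMPWIN-to-WINNT replacement step above, as an added Python example that is not part of this page or of the Microsoft article: it parses the two sections, confirms that default= is an ARC path with a matching [operating systems] entry (a mismatch is one way a machine ends up unbootable after a hand edit), and retargets the ARC paths. The sample file is constructed from the listing shown above.

```python
import re

# Boot.ini as edit.com shows it after the parallel install (constructed from the page's listing)
TEMPWIN_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\TEMPWIN
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\TEMPWIN="Microsoft Windows 2000 Professional" /fastdetect
"""
# ARC path shape: multi(x)disk(y)rdisk(z)partition(n)\folder (scsi(x) is also valid)
ARC_PATH = re.compile(r'^(multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\[^\s="]+$')

def parse_boot_ini(text):
    """Return {section: {key: value}}; raise ValueError on a malformed line."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections[current] = {}
        elif current is None or "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        else:  # key is the ARC path, value is the quoted name plus switches
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections

def check_boot_ini(text):
    """Return the problems found; [] means the file is usable (the step 8/9 check)."""
    try:
        s = parse_boot_ini(text)
    except ValueError as e:
        return [str(e)]
    loader, systems = s.get("boot loader", {}), s.get("operating systems", {})
    problems = [f"bad ARC path: {p}" for p in systems if not ARC_PATH.match(p)]
    if not loader.get("timeout", "").isdigit():
        problems.append("timeout= missing or not an integer")
    default = loader.get("default")
    if default is None:
        problems.append("default= missing")
    elif not ARC_PATH.match(default):
        problems.append(f"default= is not an ARC path: {default}")
    elif default not in systems:
        problems.append(f"default= {default} has no [operating systems] entry")
    return problems

def rename_install_folder(text, old="TEMPWIN", new="WINNT"):
    """Retarget every ARC path from \\old to \\new, leaving everything else alone."""
    return re.sub(r"\\" + re.escape(old) + r"\b", lambda _: "\\" + new, text)
```

Run check_boot_ini on the edited file before saving it; it flags exactly the half-edited state (default= changed but the [operating systems] entry not) that the replacement step is meant to avoid.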

Additional Resources
For more information about how to troubleshoot the "NTLDR is Missing" error message, click the
following article numbers to view the articles in the Microsoft Knowledge Base:
255220 "NTLDR is missing" error message when you upgrade or install Windows 2000 over Windows 95,
Windows 98 or Windows Millennium Edition
228004 Changing active partition can make your system unbootable
883275 You cannot start your computer after you modify the permissions in Windows Server 2003, in
Windows XP, or in Windows 2000

Perform a Parallel Installation of Windows 2000


If you cannot resolve the behavior described in the "Symptoms" section of this article by using any of
the methods discussed in this article or by viewing the Knowledge Base articles in the "Additional
Resources" section of this article, perform a parallel installation of Windows 2000, and then use
Windows Explorer to copy the data that you want to recover from your original Windows installation.

For more information about how to perform a parallel installation of Windows 2000, click the following
article number to view the article in the Microsoft Knowledge Base:
How to perform a parallel installation of Windows 2000 or Windows Server 2003
