
Introduction to Active Directory

Active Directory was introduced to the world in the mid-1990s by Microsoft as a replacement for Windows NT-style user authentication. Windows NT included a flat and non-extensible domain model which did not scale well for large corporations. It is a directory in both the common use of the term, like a white pages (you can add in a person's first name, last name, phone number, address, email address, etc.), and a directory of information for use by applications and services (such as Microsoft Exchange for email). AD is functionally a place to store information about people, things (computers, printers, etc.), applications, domains, services, security access permissions, and more. Applications and services then use the directory to perform a function. If a user account is disabled in Active Directory, the directory itself is just setting a flag which Windows uses to disallow a user from logging in.

Basic Active Directory Components

At its core, Active Directory needs structure to work properly. It provides the basic building blocks for people to build their own directory. These basic building blocks of Active Directory include domains, domain controllers, trusts, forests, organizational units, groups, sites, replication, and the global catalog.

Understanding Forests

At the top of the Active Directory structure is a forest. A forest holds all of the objects, organizational units, domains, and attributes in its hierarchy. Under a forest are one or more trees which hold domains, OUs, objects, and attributes.

As illustrated in this image, there are two trees in the forest. You might use a structure like this for organizations with more than one operating company. You could also design a structure with multiple forests, but these are for very specific reasons and not common.

Domains

At the heart of the Active Directory structure is the domain. The domain is typically of the Internet naming variety (e.g., ...), but you are not forced to stick with this structure; you could technically name your domain whatever you wish. Microsoft recommends using as few domains as possible in building your Active Directory structure and relying on Organizational Units for structure. Domains can contain multiple nested OUs, allowing you to build a pretty robust and specific structure.

Domain Controllers

In Windows NT, domains used a Primary Domain Controller (PDC) and Backup Domain Controller (BDC) model. This had one server, the PDC, which was in charge while the other DCs were subservient. If the PDC failed, you had to promote a BDC to become the PDC and be the server in charge.

In Active Directory, you have multiple Domain Controllers which are equal peers. Each DC in the Active Directory domain contains a copy of the AD database and synchronizes changes with all other DCs by multi-master replication. Replication occurs frequently and on a pull basis instead of a push one: a server requests updates from a fellow domain controller. If information on one DC changes (e.g. a user changes their password), it sends a signal to the other domain controllers to begin a pull replication of the data to ensure they are all up to date. Servers in the Active Directory domain that are not DCs are called member servers. Active Directory requires at least one Domain Controller, but you can install as many as you want (and it's recommended you install at least two domain controllers in case one fails).

Organizational Units

An Organizational Unit (OU) is a container which gives a domain hierarchy and structure. It is used for ease of administration and to create an AD structure in the company's geographic or organizational terms. An OU can contain OUs, allowing for the creation of a multi-level structure, as shown in the image above. There are three primary reasons for creating OUs:

Organizational Structure: First, creating OUs allows a company to build a structure in Active Directory which matches the firm's geographic or organizational structure. This permits ease of administration and a clean structure.

Security Rights: The second reason to create an OU structure is to assign security rights to certain OUs. This, for example, would allow you to apply Active Directory policies to one OU which are different from those applied to another. You could set up policies which install an accounting software application on computers in the Accounting OU.

Delegated Administration: The third reason to create OUs is to delegate administrative responsibility. AD architects can design the structure to allow local administrators certain administrative responsibility for their OU and no other. This allows for a delegated administration not available in Windows NT networks.

Groups

Groups serve two functions in Active Directory: security and distribution. A security group contains accounts which can be used for security access. For example, a security group could be assigned rights to a particular directory on a file server. A distribution group is used for sending information to users. It cannot be used for security access.

There are three group scopes:

Global: Global scope security groups contain users only from the domain in which the group is created. Global security groups can be members of both Universal and Domain Local groups.

Universal: Universal scope security groups can contain users, global groups, and universal groups from any domain. These groups are typically used in a multi-domain environment if access is required across domains.

Domain Local: Domain Local scope groups are often created in domains to assign security access to a particular local domain resource. Domain Local scope groups can contain user accounts, universal groups, and global groups from any domain. Domain Local scope groups can contain domain local groups from the same domain.
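To make the scope rules above concrete, here is an added example (not from the original page) that models them in Python exactly as the page states them and checks proposed memberships across two constructed domains, corp.example and emea.corp.example; the user and group names are made up.

```python
"""Model of the group-scope nesting rules described above (constructed example)."""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

USER = "user"
GLOBAL = "global"
UNIVERSAL = "universal"
DOMAIN_LOCAL = "domain local"


@dataclass(frozen=True)
class Principal:
    """A user account or a group; kind is USER, GLOBAL, UNIVERSAL or DOMAIN_LOCAL."""
    name: str
    domain: str
    kind: str


def can_be_member(member: Principal, group: Principal) -> bool:
    """Return True if `member` may be placed in `group` under the scope rules."""
    same_domain = member.domain == group.domain
    if group.kind == GLOBAL:
        # A global group holds users from the domain it was created in only.
        return member.kind == USER and same_domain
    if group.kind == UNIVERSAL:
        # Users, global groups and universal groups from any domain.
        return member.kind in (USER, GLOBAL, UNIVERSAL)
    if group.kind == DOMAIN_LOCAL:
        # Users, universal and global groups from any domain ...
        if member.kind in (USER, GLOBAL, UNIVERSAL):
            return True
        # ... and domain local groups from the same domain only.
        return member.kind == DOMAIN_LOCAL and same_domain
    raise ValueError(f"{group.name} is not a group (kind={group.kind})")


def check_memberships(memberships: Iterable[Tuple[Principal, Principal]]) -> List[str]:
    """Return one message per (member, group) pair that violates the scope rules."""
    problems = []
    for member, group in memberships:
        if not can_be_member(member, group):
            problems.append(
                f"{member.kind} '{member.name}' ({member.domain}) cannot be a member of "
                f"{group.kind} group '{group.name}' ({group.domain})"
            )
    return problems


# Constructed two-domain forest: corp.example and its child emea.corp.example.
alice = Principal("alice", "corp.example", USER)
bob = Principal("bob", "emea.corp.example", USER)
accounting_corp = Principal("Accounting", "corp.example", GLOBAL)
accounting_emea = Principal("Accounting", "emea.corp.example", GLOBAL)
all_accounting = Principal("All-Accounting", "corp.example", UNIVERSAL)
ledger_readers = Principal("Ledger-Readers", "emea.corp.example", DOMAIN_LOCAL)
ledger_admins = Principal("Ledger-Admins", "corp.example", DOMAIN_LOCAL)

# Account -> Global -> Universal -> Domain Local chain granting access to a
# resource in the EMEA domain; every link is legal under the rules.
GOOD_CHAIN = [
    (alice, accounting_corp),
    (bob, accounting_emea),
    (accounting_corp, all_accounting),
    (accounting_emea, all_accounting),
    (all_accounting, ledger_readers),
]

# Two mistakes an administrator might try: a user from another domain in a
# global group, and a domain local group nested across domains.
BAD_CHAIN = [
    (bob, accounting_corp),
    (ledger_admins, ledger_readers),
]


if __name__ == "__main__":
    for label, chain in (("good", GOOD_CHAIN), ("bad", BAD_CHAIN)):
        print(label, check_memberships(chain) or "no violations")
```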

Active Directory Installation

Some larger organizations take months (and in some cases, over a year) to plan a proper Active Directory design and get input from a global organization of technology leaders. It is extremely important to give a lot of thought to your AD design to ensure it meets your organization's needs.

Choosing Your AD Layout

As we mentioned earlier, there are many ways you can structure your Active Directory. From a top-level-down perspective, most companies either start with a geographic separation or an organizational structure separation (for example, Americas, EMEA, and Pacific Rim for geographic; Accounting, Marketing, Technology, and Sales for organizational structure). It does not matter which you select: either will provide a fine starting point for your domain structure, but you need to ensure you pick one direction and be consistent with your choices. Many organizations start with geography at the top level, then break down into business units or departments underneath that top level. It is important to write naming conventions and standards down so a team in Europe does not call an OU SalesMarketing while a team in North America calls an OU Sales. Consistency provides for an efficient and manageable Active Directory layout.

Installation Requirements
In this section, we will look at the installation requirements of Active Directory. Installing AD isn't a complex process, but the design and configuration can be. Here are the requirements for installing Active Directory on Windows Server 2003:

An NTFS partition with enough free space
An Administrator's username and password
A NIC with a network connection
Properly configured TCP/IP (IP address, subnet mask and optional default gateway)
An operational DNS server (which can be installed on the DC itself)
A domain name that you want to use
Windows Server 2003 CD media or the i386 folder

Installing Active Directory

Please note: these installation instructions are for a brand new domain, not for adding a server as a member server or domain controller in an existing domain. Following these instructions in a production network is not recommended. We are going to review the AD installation process from a clean install of Windows Server 2003. You may have already set some of these settings, so look through the steps and perform any tasks you have not yet done.

Set Network Settings

1. This server will be both a domain controller and a DNS server, so we are going to set a static IP address.
2. Click Start, Control Panel, Network Connections and select your network connection.
3. Click Properties.
4. Click Internet Protocol (TCP/IP) and click Properties.
5. Enter in your static IP address information and preferred DNS servers. Notice one of the DNS servers I listed is the server itself; this will be a DNS server in a minute.
6. Click OK.
7. Click Close.
8. Click Close.
9. Click Start. Right-click on My Computer and select Properties.
10. Click on the Computer Name tab.
11. Click on the More button.
12. Enter in the domain name you are going to be using for your AD domain in the Primary DNS suffix of this computer text field.
13. Click OK.
14. Click OK. Acknowledge that you have to reboot and click OK.
15. Click Yes to the prompt asking you if you want to reboot.

Install the DNS Service

16. On the Manage Your Server window, select Add or remove a role. (Don't see this window at startup? Find it at Start > All Programs > Administrative Tools > Manage Your Server.)
17. Click Next.
18. Click DNS Server and click Next.
19. Click Next.
20. Insert your Windows Server 2003 setup CD and click OK.
21. Navigate to where the i386 folder is and click OK.
22. Click Next to start the DNS wizard.
23. Click Next to create a forward lookup zone.
24. Click Next to confirm that this server maintains the zone.
25. Name your zone with your domain name. Click Next.
26. Accept the default filename and click Next.
27. Click Allow both nonsecure and secure dynamic updates. Click Next.
28. Select whether or not this DNS server should forward queries. If you use an ISP for DNS resolution for Internet sites, enter in your ISP's DNS servers in the first option. If this DNS server will resolve all queries, select the second option. Click Next.
29. Click Finish.
30. Click Finish.
31. Congratulations! You have set up a DNS server!

Setting Up Active Directory

32. On the Manage Your Server window, click Add or remove a role.
33. Click Next.
34. Select Domain Controller (Active Directory) and click Next.
35. Click Next.
36. Click Next when the Active Directory wizard opens.
37. Click Next.

38. Click Next.

39. Click Next.

40. Enter in your domain name and click Next.

41. Enter in a NetBIOS name or accept the default and click Next.

42. Click Next to accept the default locations for the database and log, or select a location for these files. 43. Enter a location for the Shared System Volume and click Next.

44. Click Next.

45. Click Next.

46. Enter in a password and click Next.

47. Click Next.
48. The wizard will configure Active Directory.
49. Click Finish to complete the wizard.
50. Click Restart Now.

Congratulations, you have now completed the Active Directory wizard and AD is installed.

Creating Organizational Units

As we discussed earlier, Organizational Units provide a mechanism to design a hierarchical structure within your Active Directory environment. Once you have designed your AD structure, you are ready to create the OUs in the environment.

1. Click Start > Administrative Tools > Active Directory Users and Computers.
2. Double-click the domain name to open it up.

3. You will see a default structure with no Organizational Units. Right-click on the domain name and select New > Organizational Unit.

4. Enter the name of the OU you want to create and click OK.

5. You will now see the OU you just created. Continue the process and build out the top level OUs.

6. You now have a structure from which to build your organizational structure. For a small organization, we would create a Users and a Computers organizational unit under each of the top level OUs.
7. Right-click on Accounting and select New > Organizational Unit and enter in Computers. Click OK. Repeat this process for the Users OU.

8. Now repeat the process for each department and you will have a structure of OUs created.

Create a local user account

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To create a local user account

1. Open Computer Management.
2. In the console tree, click Users.
   Where? Computer Management/System Tools/Local Users and Groups/Users
3. On the Action menu, click New User.
4. Type the appropriate information in the dialog box. Select or clear the check boxes for:
   User must change password at next logon
   User cannot change password
   Password never expires
   Account is disabled
5. Click Create, and then click Close.

To open Computer Management, click Start, click Control Panel, double-click Administrative Tools, and then double-click Computer Management.

Once you have entered the values in the first page of the New Object - User dialog box, click Next. The second page of the dialog box, shown in Figure 3-2, allows you to enter the user password and to set account flags.


Reset the password for a local user account

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To reset the password for a local user account

1. Open Computer Management.
2. In the console tree, click Users.
   Where? Computer Management/System Tools/Local Users and Groups/Users
3. Right-click the user account for which you want to reset the password, and then click Set Password.
4. Read the warning message, and if you want to continue, click Proceed.
5. In New password and in Confirm password, type a new password and then click OK.

Disable or activate a local user account

Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To disable or activate a local user account

1. Open Computer Management.
2. In the console tree, click Users.
   Where? Computer Management/System Tools/Local Users and Groups/Users
3. Right-click the user account you want to change, and then click Properties.
4. Do one of the following:
   To disable the selected user account, select the Account is disabled check box.
   To activate the selected user account, clear the Account is disabled check box.

Moving a User
If a user is transferred within an organization, it is possible that you might need to move his or her user object to reflect a change in the administration or configuration of the object. To move an object in Active Directory Users and Computers, select the object and, from the Action menu, choose Move. Alternatively, you can right-click the object and select Move from the shortcut menu.

Local Users and Groups overview

Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2


Local Users and Groups is located in Computer Management, a collection of administrative tools that you can use to manage a single local or remote computer. You can use Local Users and Groups to secure and manage user accounts and groups stored locally on your computer. A local user or group account can be assigned permissions and rights on a particular computer and that computer only. Local Users and Groups is available on the following client and server operating systems:

Client computers running Microsoft Windows 2000 Professional or Windows XP Professional
Member servers running a product in the Microsoft Windows 2000 Server family or the Windows Server 2003 family
Stand-alone servers running a product in the Microsoft Windows 2000 Server family or the Windows Server 2003 family

Using Local Users and Groups you can limit the ability of users and groups to perform certain actions by assigning them rights and permissions. A right authorizes a user to perform certain actions on a computer, such as backing up files and folders or shutting down a computer. A permission is a rule associated with an object (usually a file, folder, or printer), and it regulates which users can have access to the object and in what manner. You cannot use Local Users and Groups to view local user and group accounts once a member server has been promoted to a domain controller. However, you can use Local Users and Groups on a domain controller to target remote computers (that are not domain controllers) on the network. Use Active Directory Users and Computers to manage users and groups in Active Directory.

Local user accounts

The Users folder located in the Local Users and Groups Microsoft Management Console (MMC) displays the default user accounts as well as the user accounts you create. These default user accounts are created automatically when you install a stand-alone server or member server running Windows Server 2003. The following describes each default user account on servers running Windows Server 2003.

Administrator account

The Administrator account has full control of the server and can assign user rights and access control permissions to users as necessary. This account must be used only for tasks that require administrative credentials. It is highly recommended that you set up this account to use a strong password. For more information, see Strong passwords. For additional security considerations for accounts with administrative credentials, see Local Users and Groups Best practices. The Administrator account is a member of the Administrators group on the server. The Administrator account can never be deleted or removed from the Administrators group, but it can be renamed or disabled. Because the Administrator account is known to exist on many versions of Windows, renaming or disabling this account will make it more difficult for malicious users to try and gain access to it. For more information about how to rename or disable a user account, see Rename a local user account and Disable or activate a local user account. The Administrator account is the account you use when you first set up the server. You use this account before you create an account for yourself.

Important: Even when the Administrator account has been disabled, it can still be used to gain access to a computer using Safe Mode.

Guest account

The Guest account is used by people who do not have an actual account on the computer. A user whose account is disabled, but not deleted, can also use the Guest account. The Guest account does not require a password. The Guest account is disabled by default, but you can enable it. You can set rights and permissions for the Guest account just like any user account. By default, the Guest account is a member of the default Guests group, which allows a user to log on to a server. Additional rights, as well as any permissions, must be granted to the Guests group by a member of the Administrators group. The Guest account is disabled by default, and it is recommended that it stay disabled.

HelpAssistant account (installed with a Remote Assistance session)

The primary account used to establish a Remote Assistance session. This account is created automatically when you request a Remote Assistance session and has limited access to the computer. The HelpAssistant account is managed by the Remote Desktop Help Session Manager service and will be automatically deleted if no Remote Assistance requests are pending. For more information about Remote Assistance, see Administering Remote Assistance.

Managing files for local user accounts

Administrators can use home folders and My Documents to collect user files in one location. User files located in one place simplify the backup process and make access control management easier to maintain. Home folders can be a local folder or a folder located on a shared resource and can be assigned to a single user or many users. When a home folder is assigned to a user, it becomes the user's default folder for the Open and Save As dialog boxes, for command prompt sessions, and for all programs without a defined working folder. The My Documents folder is an alternative for home folders, but it does not replace them. When a user tries to save or open a file, most programs determine whether to use the home folder or My Documents in one of two ways:

Some programs first look in the home folder for files that match the type of file that is to be opened or saved (for example, *.doc or *.txt). If a file with that extension is found, the program opens the home folder and ignores My Documents. If a file of that type is not found, the program opens My Documents.

In other programs, the home folder is ignored, regardless of whether the home folder contains any files.

For more information about how to assign home folders, see Assign a home folder to a local user account. When upgrading servers from Windows NT 4.0 or earlier, programs that have stored documents in the home folder will continue to open and save documents in the home folder. However, if a program is installed after you have upgraded, the program uses My Documents to open and save files.

Backing up and restoring data

Backup is a utility that you can use to back up and restore user data. The following checklist lists each preparation step with the reference topic that covers it.

Review key concepts and prepare to back up data. (Reference: Backup Concepts)
Verify that you are logged on as a member of the Backup Operators group or Administrators group. (Reference: Identify members of a local group)
Verify that you can connect to all shared folders on other computers that need to be backed up. Note: you cannot back up another computer's System State or another domain controller.
If you are using an external storage device, verify that it is compatible with products in the Windows Server 2003 family. Confirm that it is connected directly to the computer that is performing the backup and that the computer is turned on. (Reference: Check the hardware compatibility information in Support resources)
If you are backing up to a tape, insert the required tape into the tape drive.
If you are backing up to a disk drive, verify that there is enough available space.
If you are backing up an Encrypted File System (EFS), first back up the designated recovery agent's EFS private key (the PKCS #12 file) to ensure the successful recovery of encrypted data in case of a disaster such as a system failure. (Reference: Export a certificate with the private key)
To back up files manually, use the Backup or Restore Wizard or click the Backup tab in the Backup UI to select files to back up. (Reference: Back up files to a file or a tape)
To back up files automatically, use the schedule feature in Backup. (Reference: Schedule a backup)

Types of backup

The Backup utility supports five methods of backing up data on your computer or network.

Copy backup: A copy backup copies all the files you select, but does not mark each file as having been backed up (in other words, the archive attribute is not cleared). Copying is useful if you want to back up files between normal and incremental backups because copying does not affect these other backup operations.

Daily backup: A daily backup copies all the files that you select that have been modified on the day the daily backup is performed. The backed-up files are not marked as having been backed up (in other words, the archive attribute is not cleared).

Differential backup: A differential backup copies files that have been created or changed since the last normal or incremental backup. It does not mark files as having been backed up (in other words, the archive attribute is not cleared). If you are performing a combination of normal and differential backups, restoring files and folders requires that you have the last normal as well as the last differential backup.

Incremental backup: An incremental backup backs up only those files that have been created or changed since the last normal or incremental backup. It marks files as having been backed up (in other words, the archive attribute is cleared). If you use a combination of normal and incremental backups, you will need to have the last normal backup set as well as all incremental backup sets to restore your data.

Normal backup: A normal backup copies all the files you select and marks each file as having been backed up (in other words, the archive attribute is cleared). With normal backups, you only need the most recent copy of the backup file or tape to restore all of the files. You usually perform a normal backup the first time you create a backup set.

Backing up your data using a combination of normal backups and incremental backups requires the least amount of storage space and is the quickest backup method. However, recovering files can be time-consuming and difficult because the backup set might be stored on several disks or tapes. Backing up your data using a combination of normal backups and differential backups is more time-consuming, especially if your data changes frequently, but it is easier to restore the data because the backup set is usually stored on only a few disks or tapes.
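The archive-attribute behaviour of the five methods, and the restore sets each rotation needs, are easy to get wrong in practice. Here is an added example (not from the original page or the Backup utility) that simulates them on a constructed in-memory volume over four days and then computes which sets a full restore requires.

```python
"""Simulate the five Backup methods and the NTFS archive attribute (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class File:
    name: str
    content: str
    archive: bool = True   # the archive attribute; set whenever a file is created or changed
    modified_day: int = 0  # day number of the last change (used by the daily method)


@dataclass
class BackupSet:
    kind: str
    day: int
    files: Dict[str, str]  # file name -> content captured by this set


class Volume:
    """In-memory stand-in for an NTFS volume."""

    def __init__(self) -> None:
        self.files: Dict[str, File] = {}

    def write(self, name: str, content: str, day: int) -> None:
        # Creating or changing a file sets its archive attribute.
        self.files[name] = File(name, content, True, day)


def run_backup(vol: Volume, kind: str, day: int) -> BackupSet:
    """Apply one backup method to the volume and return the set it produced."""
    if kind in ("normal", "copy"):
        selected = list(vol.files.values())  # every selected file
    elif kind == "daily":
        selected = [f for f in vol.files.values() if f.modified_day == day]
    elif kind in ("differential", "incremental"):
        # "Created or changed since the last normal or incremental backup"
        # is exactly the set of files whose archive attribute is still set.
        selected = [f for f in vol.files.values() if f.archive]
    else:
        raise ValueError(f"unknown backup method: {kind}")
    if kind in ("normal", "incremental"):
        for f in selected:
            f.archive = False  # only these two methods clear the attribute
    return BackupSet(kind, day, {f.name: f.content for f in selected})


def restore_plan(history: List[BackupSet]) -> List[BackupSet]:
    """Choose the sets needed to recover the latest state of every file.

    Copy and daily sets are ignored: they never take part in a rotation.
    """
    last_normal = max(i for i, s in enumerate(history) if s.kind == "normal")
    plan = [history[last_normal]]
    pending_differential = None
    for s in history[last_normal + 1:]:
        if s.kind == "incremental":
            plan.append(s)               # every incremental since the last normal
            pending_differential = None  # an older differential is superseded
        elif s.kind == "differential":
            pending_differential = s     # only the newest differential matters
    if pending_differential is not None:
        plan.append(pending_differential)
    return plan


def restore(sets: List[BackupSet]) -> Dict[str, str]:
    """Replay sets in order; later sets overwrite earlier copies of a file."""
    state: Dict[str, str] = {}
    for s in sets:
        state.update(s.files)
    return state


def scenario() -> List[BackupSet]:
    """Four days of activity on a constructed volume with three files."""
    vol = Volume()
    history: List[BackupSet] = []
    for name in ("a.txt", "b.txt", "c.txt"):
        vol.write(name, name[0] + "0", day=0)
    history.append(run_backup(vol, "normal", 0))        # all three files, attribute cleared
    vol.write("a.txt", "a1", day=1)
    history.append(run_backup(vol, "incremental", 1))   # a.txt only, attribute cleared
    vol.write("b.txt", "b2", day=2)
    history.append(run_backup(vol, "differential", 2))  # b.txt only, attribute left set
    vol.write("c.txt", "c3", day=3)
    history.append(run_backup(vol, "copy", 3))          # all files, nothing cleared
    history.append(run_backup(vol, "differential", 3))  # b.txt and c.txt (both still set)
    history.append(run_backup(vol, "daily", 3))         # c.txt only (changed on day 3)
    return history


if __name__ == "__main__":
    hist = scenario()
    for s in hist:
        print(f"day {s.day} {s.kind:<12} captured {sorted(s.files)}")
    plan = restore_plan(hist)
    print("restore needs:", [(s.kind, s.day) for s in plan], "->", restore(plan))
```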

Managing Backup from the command line

In addition to using the Backup Wizard, you can use the following command line utility to manage Backup:


For information about other command-line utilities, see Command-line reference A-Z.

The first time you launch the backup utility, it runs in Wizard mode, as shown in Figure 7-1. This chapter focuses on the more commonly used Backup Utility interface. If you agree with most administrators that it is easier to use the standard utility than the wizard, clear the Always Start In Wizard Mode check box, and then click Advanced Mode.

As you can see on the utility's Welcome tab in Figure 7-2, you can back up data manually (the Backup tab) or using the Backup Wizard. You can also schedule unattended backup jobs. The Backup Utility is also used to restore data manually (the Restore And Manage Media tab) or using the Restore Wizard. The Automated System Recovery (ASR) Wizard, which backs up critical operating system files, will be discussed later in this book.

This lesson focuses on data backup planning and execution, and to explore the capability of the Backup Utility we will use the Backup tab, as shown in Figure 7-3, rather than the Backup Wizard.


Volume shadow copy overview

With Backup, you can create shadow copy backups of volumes and exact copies of files, including all open files. For example, databases that are held open exclusively and files that are open due to operator or system activity are backed up during a volume shadow copy backup. In this way, files that have changed during the backup process are copied correctly. Shadow copy backups ensure that:

Applications can continue to write data to the volume during a backup.
Files that are open are no longer omitted during a backup.
Backups can be performed at any time, without locking out users.

Some applications manage storage consistency differently while files are open, which can affect the consistency of the files in the backup. For critical applications, consult the application documentation or your provider for information about the recommended backup method. When in doubt, shut down the application before performing a backup. It is highly recommended that you perform backups when server usage is low. For example, perform backups late at night.

Shadow Copies of Shared Folders

Shadow Copies of Shared Folders provides point-in-time copies of files that are located on shared resources, such as a file server. With Shadow Copies of Shared Folders, you can view shared files and folders as they existed at points in time in the past. You can use shadow copies when you want to recover files that were accidentally deleted or overwritten, as well as to compare different versions of files.

Shared Folders

You can use the Shared Folders snap-in to manage shared resources over a network. With Shared Folders you can control user access permissions, session activity, and shared resource properties.

For tips about using Shared Folders, see Best practices for Shared Folders. For help with specific tasks, see Shared Folders How To.... For general background information, see Shared Folders Concepts. For problem-solving instructions, see Troubleshooting Shared Folders.

Disk quotas

You use disk quotas to monitor and limit disk space use on NTFS volumes.

Apply appropriate disk quota limits

Apply disk quota limits according to realistic disk space requirements for your users. Start by classifying users by the amount of disk space that you anticipate they will require (for example, users who work with scanned photographs or artwork may require a large amount of disk space). Next, structure your volumes by those classes, and then use disk quotas to limit the amount of disk space allowed for the users on each volume. Ensure that you have enough disk space to accommodate both existing users and future additions. Each file stored on the volume can use up to 64 kilobytes (KB) of NTFS metadata that is not applied to a user's quota limit. To avoid running out of disk space, ensure that there is sufficient disk space to accommodate this metadata.

Set default limits

Set moderately restrictive default limits for all user accounts, and then modify the limits to allow more disk space to users who work with large files. It may be better to increase disk quota limits for a few user accounts than to force some users to work with a quota limit that does not meet their needs. User policies occupy at least 2 megabytes (MB) of disk space, so you should set the default limits for all user accounts above 2 MB.

View disk quota settings

To view disk quota settings

1. Open My Computer.
2. Right-click the disk volume for which you want to view disk quota settings, and then click Properties.
3. In the Properties dialog box, click the Quota tab.

To enable disk quotas

1. Open My Computer.
2. Right-click the disk volume for which you want to enable disk quotas, and then click Properties.
3. In the Properties dialog box, click the Quota tab.
4. On the Quota tab, click the Enable quota management check box.
5. Select one or more of the following options, and then click OK:

To manage disk quotas on a remote computer

1. Right-click My Computer, and then click Map Network Drive.
2. In the Map Network Drive dialog box, in the Folder box, type the path to the volume on the remote computer for which you want to manage disk quotas, and then click Finish.
3. After you connect to the remote computer's volume, open My Computer.
4. Right-click the remote volume for which you want to manage disk quotas, and then click Properties.
5. In the Properties dialog box, click the Quota tab.
6. On the Quota tab, click Quota Entries. The Quota Entries window appears. Each row in the list contains information for a user of the volume.

Notes

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

How to Join Your Computer to a Domain

Note: You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure.

1. Log on as Administrator. Right-click My Computer, and then click Properties. The System Properties dialog box is displayed.

2. On the Computer Name tab, click Change.

3. In the Computer Name Changes dialog box, select Domain and enter the name of the domain in the text box, as shown in Figure 1 below. In this example, the computer currently named hq-res-wrk-o1 is joined to the Reskit domain.

Figure 1. Joining a computer to a domain.

4. Provide user name and password credentials to show you have the appropriate permissions to join the desired domain.

5. When the Welcome to the domain message appears, click OK. You will need to restart your computer for the change to take effect.
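The join described above as a PowerShell script, added as an example that is not part of the original article. It keeps the article's names (domain Reskit, computer hq-res-wrk-o1) and assumes a Windows version with Add-Computer and Get-CimInstance (PowerShell 3 or later), run from an elevated session with an account allowed to add workstations to the domain.

```powershell
# Added example (not from the original article): scripted domain join.
# Assumptions: domain 'Reskit' and the OU path are placeholders taken from or
# added to the text; the session is elevated; the account entered at the
# credential prompt may join computers to the domain.

function Get-DomainStatus {
    # Reports whether this machine is already a domain member and of which domain.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    [pscustomobject]@{
        ComputerName = $cs.Name
        PartOfDomain = $cs.PartOfDomain
        Domain       = $cs.Domain    # the workgroup name when not joined
    }
}

function Join-ComputerToDomain {
    param(
        [Parameter(Mandatory)][string]$DomainName,   # e.g. 'Reskit'
        [string]$OUPath                              # optional, e.g. 'OU=Workstations,DC=reskit,DC=com'
    )
    $status = Get-DomainStatus
    if ($status.PartOfDomain -and $status.Domain -like "$DomainName*") {
        Write-Host "$($status.ComputerName) is already joined to $($status.Domain); nothing to do."
        return
    }

    # Same purpose as typing the user name and password into the Computer Name
    # Changes prompt: ask interactively rather than embedding a password in a script.
    $cred = Get-Credential -Message "Account permitted to join $DomainName"

    $params = @{ DomainName = $DomainName; Credential = $cred; Force = $true }
    if ($OUPath) { $params.OUPath = $OUPath }

    # Add-Computer performs the join; -Restart does the reboot the article says is required.
    Add-Computer @params -Restart
}

# Usage with the article's domain name:
Join-ComputerToDomain -DomainName 'Reskit'

# After the reboot, confirm the machine account's secure channel to the domain works:
#   Test-ComputerSecureChannel -Verbose
```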

How to Convert FAT Disks to NTFS

This article describes how to convert FAT disks to NTFS. See the Terms sidebar for definitions of FAT, FAT32 and NTFS. Before you decide which file system to use, you should understand the benefits and limitations of each of them. Changing a volume's existing file system can be time-consuming, so choose the file system that best suits your long-term needs. If you decide to use a different file system, you must back up your data and then reformat the volume using the new file system. However, you can convert a FAT or FAT32 volume to an NTFS volume without formatting the volume, though it is still a good idea to back up your data before you convert. Note: Some older programs may not run on an NTFS volume, so you should research the current requirements for your software before converting.

Choosing Between NTFS, FAT, and FAT32

You can choose between three file systems for disk partitions on a computer running Windows XP: NTFS, FAT, and FAT32. NTFS is the recommended file system because it is more powerful than FAT or FAT32, and includes features required for hosting Active Directory as well as other important security features. You can use features such as Active Directory and domain-based security only by choosing NTFS as your file system.

Converting to NTFS Using the Setup Program

The Setup program makes it easy to convert your partition to the new version of NTFS, even if it used FAT or FAT32 before. This kind of conversion keeps your files intact (unlike formatting a partition). Setup begins by checking the existing file system. If it is NTFS, conversion is not necessary. If it is FAT or FAT32, Setup gives you the choice of converting to NTFS. If you don't need to keep your files intact and you have a FAT or FAT32 partition, it is recommended that you format the partition with NTFS rather than converting from FAT or FAT32. (Formatting a partition erases all data on the partition and allows you to start fresh with a clean drive.) Either way, it is advantageous to use NTFS, regardless of whether the partition was formatted with NTFS or converted.

Converting to NTFS Using Convert.exe

A partition can also be converted after Setup by using Convert.exe. Like the Setup conversion, this keeps your files intact (unlike formatting a partition). To find out more about Convert.exe:

1. After completing Setup, click Start, click Run, type cmd, and then press ENTER.

2. In the command window, type help convert and then press ENTER. Information about converting FAT volumes to NTFS is made available as shown below.

Converting FAT volumes to NTFS

To convert a volume to NTFS from the command prompt

1. Open Command Prompt. Click Start, point to All Programs, point to Accessories, and then click Command Prompt.

2. In the command prompt window, type: convert drive_letter: /fs:ntfs

For example, typing convert D: /fs:ntfs would convert drive D: to NTFS. You can convert FAT or FAT32 volumes to NTFS with this command.

Important: Once you convert a drive or partition to NTFS, you cannot simply convert it back to FAT or FAT32. You will need to reformat the drive or partition, which will erase all data, including programs and personal files, on the partition.



Terms

File Allocation Table (FAT): A file system used by MS-DOS and other Windows-based operating systems to organize and manage files. The file allocation table (FAT) is a data structure that Windows creates when you format a volume by using the FAT or FAT32 file systems. Windows stores information about each file in the FAT so that it can retrieve the file later.

FAT32: A derivative of the file allocation table (FAT) file system. FAT32 supports smaller cluster sizes and larger volumes than FAT, which results in more efficient space allocation on FAT32 volumes.

NTFS File System: An advanced file system that provides performance, security, reliability, and advanced features that are not found in any version of FAT. For example, NTFS guarantees volume consistency by using standard transaction logging and recovery techniques. If a system fails, NTFS uses its log file and checkpoint information to restore the consistency of the file system. In Windows 2000 and Windows XP, NTFS also provides advanced features such as file and folder permissions, encryption, disk quotas, and compression.

How to Share and Set Permissions for Folders and Files Using Windows XP

File and Printer Sharing for Microsoft Networks

The File and Printer Sharing for Microsoft Networks component allows computers on a network to access resources on other computers using a Microsoft network. This component is installed and enabled by default. It is enabled per connection using TCP/IP and is necessary to share local folders. The File and Printer Sharing for Microsoft Networks component is the equivalent of the Server service in Windows NT 4.0.

To share folders with other users on your network

1. Open My Documents in Windows Explorer. Click Start, point to All Programs, point to Accessories, and then click Windows Explorer.

2. Click the folder you want to share.

3. Click Share this folder in File and Folder Tasks.

4. In the Properties dialog box, select the radio button Share this folder to share the folder with other users on your network, as shown in Figure 1 below.

Figure 1. Sharing a folder on a network

5. To change the name of the folder on the network, type a new name for the folder in the Share name text box. This will not change the name of the folder on your computer.

Note: The Sharing option is not available for the Documents and Settings, Program Files, and Windows system folders. In addition, you cannot share folders in other users' profiles.

To set, view, change, or remove file and folder permissions

1. Open Windows Explorer, and then locate the file or folder for which you want to set permissions. To open Windows Explorer, click Start, point to All Programs, point to Accessories, and then click Windows Explorer.

2. Right-click the file or folder, click Properties, and then click the Security tab as shown in Figure 2 below.

Figure 2. Setting file and folder permissions

3. To set permissions for a group or user that does not appear in the Group or user names box, click Add. Type the name of the group or user you want to set permissions for and then click OK, as shown in Figure 3 below.

Figure 3. Adding new group or user permissions

4. To change or remove permissions from an existing group or user, click the name of the group or user and do one of the following, as shown in Figure 2 above:

   - To allow or deny a permission, under Permissions, select the Allow or Deny check box.
   - To remove the group or user from the Group or user names box, click Remove.

In Windows XP Professional, the Everyone group no longer includes Anonymous Logon. You can set file and folder permissions only on drives formatted to use NTFS. To change permissions you must be the owner, or have been granted permission to do so by the owner. Groups or users granted Full Control for a folder can delete files and subfolders within that folder regardless of the permissions protecting the files and subfolders.

If the check boxes under Permissions for user or group are shaded or if the Remove button is unavailable, then the file or folder has inherited permissions from the parent folder. When adding a new user or group, by default, this user or group will have Read & Execute, List Folder Contents, and Read permissions.
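The Security-tab steps and the notes above as a script, added here as an example that is not the article's own code. It grants the default Read & Execute set or Modify to a principal, refuses to remove an inherited entry (the shaded check boxes case), and lists who holds Full Control, since that right allows deleting files regardless of their own permissions. The path C:\Shares\Projects, the share name and the CONTOSO groups are placeholders; the volume must be NTFS and New-SmbShare needs Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the original article). Placeholder names:
# C:\Shares\Projects, share 'Projects', CONTOSO\ProjectEditors, CONTOSO\ProjectReaders.
# Run elevated on an NTFS volume.

function Set-FolderAccess {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity,                     # 'DOMAIN\Group' or 'DOMAIN\User'
        [ValidateSet('Read','Modify','FullControl')][string]$Access = 'Read',
        [switch]$Remove                                              # same as clicking Remove
    )
    $acl = Get-Acl -Path $Path

    # Shaded check boxes / unavailable Remove button = the entry is inherited from the
    # parent. It cannot be removed on this object, so say so instead of silently doing nothing.
    $inherited = $acl.Access | Where-Object { $_.IdentityReference.Value -eq $Identity -and $_.IsInherited }
    if ($Remove -and $inherited) {
        throw "$Identity is inherited from the parent of $Path; change it on the parent or disable inheritance first."
    }

    if ($Remove) {
        $acl.Access | Where-Object { $_.IdentityReference.Value -eq $Identity -and -not $_.IsInherited } |
            ForEach-Object { [void]$acl.RemoveAccessRule($_) }
    } else {
        # 'Read' is the default a newly added principal gets on the Security tab:
        # Read & Execute, List Folder Contents, and Read.
        $rights = switch ($Access) {
            'Read'        { [System.Security.AccessControl.FileSystemRights]::ReadAndExecute }
            'Modify'      { [System.Security.AccessControl.FileSystemRights]::Modify }
            'FullControl' { [System.Security.AccessControl.FileSystemRights]::FullControl }
        }
        # ContainerInherit + ObjectInherit: applies to this folder, its subfolders and files.
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $Identity, $rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

function Get-FullControlHolders {
    # Full Control on a folder lets a principal delete files and subfolders regardless
    # of the permissions on those items, so review this list before sharing the folder.
    param([Parameter(Mandatory)][string]$Path)
    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.FileSystemRights.HasFlag($full) } |
        Select-Object -ExpandProperty IdentityReference
}

# Usage with the placeholder names:
$path = 'C:\Shares\Projects'
Set-FolderAccess -Path $path -Identity 'CONTOSO\ProjectEditors' -Access Modify
Set-FolderAccess -Path $path -Identity 'CONTOSO\ProjectReaders' -Access Read
Get-FullControlHolders -Path $path

# The "Share this folder" step. NTFS and share permissions both apply; the more
# restrictive of the two wins for a network user.
New-SmbShare -Name 'Projects' -Path $path `
    -ChangeAccess 'CONTOSO\ProjectEditors' -ReadAccess 'CONTOSO\ProjectReaders'
```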

Internet Information Services

IIS (Internet Information Services) is a secure, reliable, and scalable Web server that provides an easy-to-manage platform for developing and hosting Web applications and services.

Shadow copy



Disks and Volumes
The Microsoft Windows Server 2003 operating system offers two types of disks for storing information on your server: basic and dynamic. Basic and dynamic disks offer flexibility in the types of volumes you use to store data. In x86-based computers, basic disks are the default type of storage and use the same disk structures as those used by the Microsoft MS-DOS operating system and all previous versions of Microsoft Windows. Dynamic disks provide features that basic disks do not, such as the ability to create volumes that span multiple disks, including fault-tolerant volumes. Dynamic disks were introduced in Microsoft Windows 2000, and use a database to track information about dynamic volumes on the disk and about other dynamic disks in the computer. Because each dynamic disk in a computer stores a replica of the dynamic disk database, Windows Server 2003 can repair a corrupted database on one dynamic disk by using the database on another dynamic disk.

When using basic disks in x86-based computers, you are limited to creating four primary partitions per disk, or three primary partitions and one extended partition with unlimited logical drives. Primary partitions and logical drives on basic disks are known as basic volumes. All volumes on dynamic disks are known as dynamic volumes. All dynamic disks in a computer automatically belong to the same disk group.

The term partition style refers to the method that Windows Server 2003 uses to organize partitions on the disk. All x86-based computers use the partition style known as the master boot record (MBR). The MBR contains a partition table that describes where the partitions are located on the disk. Because MBR is the only partition style available on x86-based computers, it is used automatically and you do not need to choose this style. Itanium-based computers running the 64-bit versions of Windows Server 2003 use a new partition style called the globally unique identifier (GUID) partition table (GPT). The GPT partition style supports partitions up to 2 terabytes and 128 partitions per disk.

Note: You can use the 64-bit versions of Windows Server 2003 to manage MBR disks and GPT disks. However, you cannot start the 64-bit versions of Windows Server 2003 from an MBR disk.

After you install a new disk, you must choose a partition style and storage type to use on the disk. Your choices vary according to which operating system you are running and whether the computer is an x86-based computer or an Itanium-based computer. The following table lists the storage types and partition styles that are available for each version of Windows Server 2003.

Storage Types and Partition Styles Available in Windows Server 2003

Columns: Operating System; Basic Volumes; Dynamic Simple, Spanned, and Striped Volumes; Dynamic Mirrored and RAID-5 Volumes; MBR Partition Style; GPT Partition Style.

Rows (Operating System):
- Windows Server 2003, Standard Edition
- Windows Server 2003, Enterprise Edition
- Windows Server 2003, Datacenter Edition
- Windows Server 2003, Web Edition
- The 64-bit version of Windows Server 2003, Enterprise Edition
- The 64-bit version of Windows Server 2003, Datacenter Edition

The introduction of GPT makes understanding the partition styles a bit more challenging, but most disk-related tasks are unchanged. You can still use basic disks and dynamic disks as you did in Windows 2000, and these storage types are available on disks that use either partition style. The Disk Management snap-in differentiates between partition styles by referring to disks that use the master boot record as MBR disks and disks that use the GUID partition table as GPT disks. The following figure shows how Disk Management displays GPT and MBR disks in an Itanium-based computer.

Figure: How Disk Management Displays GPT and MBR Disks on an Itanium-based Computer

How to Improve Computer Speed

What Is a Registry Cleaner

A registry cleaner is a type of program that allows a user to clean his/her registry. The registry is a collection of essential computer files that allows the operating system to run properly and access various files and programs on the computer. When the registry becomes corrupted by missing files, files with the same name or content, or files that cannot be accessed, the computer's performance and speed may be hindered. By simply running a registry cleaner, such as CCleaner, the user can dramatically increase his/her computer's speed.

What Is a Defragmenter

A defragmenter is a program that allows a user to rearrange the contents of his/her computer files. Computers store information by spreading files throughout a hard drive and then locating and accessing that information when it is needed. When that information is spread too thin due to empty spaces on the hard drive or duplicate files, the computer's performance may be affected. By rearranging those files so that all of the information is located in the same sector of the hard drive, and by deleting unnecessary files, a defragmenter can significantly improve the computer's speed. The defragmenter included with the Windows operating system can be found by opening the Start Menu, opening All Programs, clicking on Accessories, clicking on System Tools, and selecting Disk Defragmenter.

What Is Disk Cleanup

Disk Cleanup is a feature provided by the Windows operating system that allows users to delete files that are not needed. For example, Disk Cleanup is capable of deleting the user's web history, temporary Internet files, cookies, and saved form data, in addition to removing unused desktop icons, disabling unused services, and deleting programs that are no longer in use. By freeing memory that would otherwise have been used to support unnecessary files, Disk Cleanup can improve the computer's speed. Disk Cleanup can be found by opening the Start Menu, opening All Programs, clicking on Accessories, clicking on System Tools, and selecting Disk Cleanup, which is directly above Disk Defragmenter.

What Is Antivirus Software

Antivirus software refers to any program that is able to locate, recognize, and remove malicious software such as viruses, trojans, worms, spyware, and keyloggers. Antivirus software usually has a built-in database of known viruses and uses it to find malicious software located on the user's computer. Malicious software slows down the user's computer by taking up unnecessary space and memory as well as specifically attacking the registry and the files that allow specific programs to run. By removing malicious software from a computer, antivirus software is able to significantly increase the computer's performance and speed.

Client-server model

The client-server model of computing is a distributed application structure that partitions tasks or workloads between the providers of a resource or service, called servers, and service requesters, called clients.[1] Often clients and servers communicate over a computer network on separate hardware, but both client and server may reside in the same system. A server machine is a host that is running one or more server programs which share their resources with clients. A client does not share any of its resources, but requests a server's content or service function. Clients therefore initiate communication sessions with servers, which await incoming requests.


Schematic clients-server interaction.

The client-server characteristic describes the relationship of cooperating programs in an application. The server component provides a function or service to one or many clients, which initiate requests for such services. Functions such as email exchange, web access and database access are built on the client-server model.

Users accessing banking services from their computer use a web browser client to send a request to a web server at a bank. That program may in turn forward the request to its own database client program, which sends a request to a database server at another bank computer to retrieve the account information. The balance is returned to the bank database client, which in turn serves it back to the web browser client, displaying the results to the user.

The client-server model has become one of the central ideas of network computing. Many business applications being written today use the client-server model. So do the Internet's main application protocols, such as HTTP, SMTP, Telnet, and DNS. The interaction between client and server is often described using sequence diagrams. Sequence diagrams are standardized in the Unified Modeling Language.

Specific types of clients include web browsers, email clients, and online chat clients. Specific types of servers include web servers, FTP servers, application servers, database servers, name servers, mail servers, file servers, print servers, and terminal servers. Most web services are also types of servers.

What Is a Server

The history of servers moves parallel to the history of computer networks. Computer networks allow multiple systems to communicate with each other at the same time, and their evolution naturally assigned some computers a serving role, while all the other computers, the ones in direct interaction with human users, act as clients. Servers have grown along with the development and growth of networks. To do the job of serving, servers and associated software are manufactured.

The origin of the word server is "to serve": technically it means that the specific computer is serving all the other computers present in its network. It facilitates them by queuing the print commands of several computers at a time, and it also acts as a file server for applications that are accessed by online terminals. Today the role of a server is similar to that of the microcomputers of the past, which it has now replaced. Many servers are appointed for this role, but this allocation does not limit the role of a server, as many other roles can be assigned to the server simultaneously. For instance, take the example of a small office where a desktop computer serves all the other computers present within the office while simultaneously serving as a workstation for some employee.

Types of servers: Typically servers are of four types: FTP servers, proxy servers, online game servers and web servers. The client-server networking model is used by many systems, together with email services and web sites. Peer-to-peer networking, an alternative model, makes all computers work as servers and clients simultaneously. You can better understand a server through these examples: name servers give information about Internet host names, FTP servers hold FTP sites and provide files to the users who request them, mail servers are responsible for delivering e-mail, web servers send web pages, and list servers are programmed to administer mailing lists.

Servers are physically like other computers, but their hardware configuration is specifically optimized to make them most appropriate for their role. In many servers the hardware installed is like the hardware of any other normal computer, but the software running on the server is far different from the software installed on other computers. Additional processing, storage capacity and memory are commonly configured in network servers to improve their capacity to handle clients (the other computers on the network). The underlying hardware or software for a system that drives the server is called a server platform; instead of "operating system", the term "server platform" is used.

Application Servers

Application servers occupy the lion's share of computer territory between database servers and the end user, and are often connected to both. They are often referred to as middleware. Middleware is software that establishes a connection between two separate applications that are otherwise apart. A number of middleware products can link a database system to a Web server. This enables users to request data from a database using forms displayed in a Web browser and, based on the user's profile and request, allows the Web server to return dynamic Web pages.

List Servers

List servers are used to improve the management of mailing lists, whatever their type: interactive debates open to the public, or one-way lists that deliver newsletters, announcements or advertising.

Chat Servers

A chat server enables a number of people to share information in the environment of an Internet newsgroup that offers real-time discussion capabilities. "Real time" is used to refer to a number of different features of a computer; real-time operating systems are used to respond immediately to input.

IRC Servers

Internet Relay Chat is comprised of various independent networks of servers that allow users to connect to each other via an IRC network. It is an option for those who are seeking real-time capability.

Fax Servers

For organizations that want to reduce incoming and outgoing telephone resources, a fax server is an ideal solution. However, there is still a need to fax the actual document.

Groupware Servers

Groupware is software designed to enable users to work together, regardless of their location, through the Internet or a corporate intranet, in a virtual environment.

Mail Servers

A mail server is as important as a web server; mail servers send and store mail on corporate networks through LANs and WANs and across the Internet.

Telnet Servers

With a Telnet server, users log on to a host computer and perform work as if they were working directly on that computer.

News Servers

News servers work as a source of distribution and delivery for hundreds of public newsgroups accessible over the USENET news network. USENET is a global bulletin board system that can be reached via the Internet or via a variety of online services.

Proxy Servers

Proxy servers sit between a client program (commonly a Web browser) and an external server (another server on the web) to filter requests, improve performance, and share connections.

The role played by a server in a network is very significant. An out-of-order server can halt the interconnectivity of all computers on its network. The rise in Internet usage by home and office users, along with the growth of corporate computer networks, is responsible for boosting the development of servers. Servers are used in today's computers, and we do not know what their developed form will be, nor what the choice of the upcoming generation will be. Let us wait and see how these serving computers will be molded in the near future.

How to Configure Print Server

A print server (or printer server) is a computer or device that is connected to one or more computers or print devices, and to client computers over a wide network, and that accepts printing tasks from all of those computers and sends them to the appropriate print devices. In some cases software or a driver is also provided to users who are spread over a wide network but have network access to the central printer. A print server sometimes acts as a buffer, storing all the information to be printed in its memory until the printer or print device is free. The print server serves these requests on a first-come, first-served basis, but there are features in the printing software that let tasks be performed on the basis of priority, i.e. you can give preference to some printing requests. There are different printing protocols, introduced by Microsoft networks, by which client computers can be connected to a print server or printer. A large number of important protocols support dedicated print servers; some important ones are TCP/IP, NetBEUI, IPX/SPX, LPD/LPR and NetBIOS.

Set up Print Server: There are several ways to set up a print server or printer. Some important ways to set up a print server on recent operating systems are given below:

1. First of all, turn on all the computers you want to have access to the print server. Then open the CD-ROM drive of the main computer or server and insert the print server driver CD. Connect the main computer to your router with a cable to carry the printing tasks. Follow the instructions on the screen and install the print server driver on your computer. If your operating system does not start the driver installation automatically, click on My Computer and double-click the CD drive icon to install the required software; after installation, remove the printing software CD from the drive.

2. After installing the print driver, open your router's administration interface and assign a static address to the print server. Open your browser, enter your router's IP address, and press Enter. If it works, follow the next instruction; if it does not, consult your router's documentation for the proper details of your address.

3. Click TCP/IP and select a fixed IP address. Select an IP address outside the normal range. Note and store the IP address you added, because you will need it later, then click OK or Apply.

4. After clicking Apply or OK, select automatic configuration (DHCP) from the menu and enable the DHCP server under static DNS 1. Enter the same IP address you added earlier, and then close the administration interface.

5. Configure your printer on your personal computer. Open Control Panel from the Start button on the Taskbar and click Printers and Faxes, then open the properties of your printer by right-clicking the printer icon and click Sharing, but do not share this printer. If you want to install other drivers, click Install Additional Drivers and then click OK.

6. Next go to the Ports tab and check the box next to your printer. Click the Configure Port button and enter the IP address you added earlier during installation. Then click OK and close the window.

7. To configure the printers on the remaining computers, open Printers and Faxes from Control Panel and follow the instructions: repeat steps 5 and 6.

How to manually add a Print Server Port?

This article explains how to manually add a Print Server port to a computer. Before you begin, ensure that the print server and the computer are connected to the network.

Install the printer driver on the computer first and make sure that you are able to print directly. Follow the steps below after putting the printer and computer back on your network.

1. Click on Start, then Control Panel, then Printers and Faxes. Right-click on the printer and select Properties.

2. In the printer properties window, select the Ports tab and click on Add Port.

3. Select Standard TCP/IP Port and click on New Port.

4. This will bring up the Add Standard TCP/IP Printer Port Wizard; click Next.

5. In the field for Printer Name or IP Address, type the IP address of the print server and click Next.

Note: You may check another computer's printer port to verify the IP address of the print server.

6. Select Custom and click Settings button.

7. Under Protocol, select LPR. For Queue Name, type L1 (or L2, L3, and so on, depending on which print server port the printer is connected to).

Note: If your print server has 2 or more printer ports, like the WGPS606, type L followed by the number of the printer port used. For example, if the printer is connected to port 2 then you must use L2.

8. Click Ok, then Next, and Finish.
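The same Standard TCP/IP port with the LPR protocol and the L plus port-number queue rule, added here as a PowerShell example that is not the article's own content. It assumes the PrintManagement module (Windows 8 / Server 2012 or later, whereas the article describes the Windows XP wizard), an elevated session, and placeholder values for the print server address (192.0.2.10), driver and printer names.

```powershell
# Added example (not from the original article): scripted version of steps 1-8.
# Assumptions: 192.0.2.10 is a placeholder print server address, the driver is
# already installed (the article requires a direct print test first), and the
# PrintManagement cmdlets are available.

function Add-LprPrintServerPort {
    param(
        [Parameter(Mandatory)][string]$PrintServerAddress,   # IP of the print server (step 5)
        [Parameter(Mandatory)][int]$PhysicalPort,            # port on the print server the printer is plugged into
        [Parameter(Mandatory)][string]$DriverName,           # must already be installed
        [Parameter(Mandatory)][string]$PrinterName
    )
    if ($PhysicalPort -lt 1) { throw 'Print server ports are numbered from 1.' }

    # Queue name rule from the note: 'L' followed by the print server port number (L1, L2, ...).
    $queue    = "L$PhysicalPort"
    $portName = "IP_${PrintServerAddress}_$queue"

    if (-not (Get-PrinterDriver -Name $DriverName -ErrorAction SilentlyContinue)) {
        throw "Driver '$DriverName' is not installed; install it and test a direct print first."
    }
    if (-not (Test-Connection -ComputerName $PrintServerAddress -Count 1 -Quiet)) {
        throw "Print server $PrintServerAddress is not reachable; check that it is on the network."
    }

    # Reuse an existing port with this name rather than failing on a duplicate.
    if (-not (Get-PrinterPort -Name $portName -ErrorAction SilentlyContinue)) {
        # -LprHostAddress / -LprQueueName select the LPR protocol (the Custom > Settings choice).
        Add-PrinterPort -Name $portName -LprHostAddress $PrintServerAddress -LprQueueName $queue
    }

    # Bind the printer to the new port (the wizard's final Finish step).
    Add-Printer -Name $PrinterName -DriverName $DriverName -PortName $portName
    Get-Printer -Name $PrinterName | Select-Object Name, DriverName, PortName
}

# Printer plugged into port 2 of the print server; all values are placeholders.
Add-LprPrintServerPort -PrintServerAddress '192.0.2.10' -PhysicalPort 2 `
    -DriverName 'Generic / Text Only' -PrinterName 'Office LPR Printer'
```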

What is networking switch - Types of Network Switch

Many networking devices are used to carry on the working and performance of a network. Another networking device that takes part in this race is the network switch. Basically it is defined as a networking device that is able to join or connect the different segments of a network and keep the network running by forming a bridge between them; this is called network switching. It is also called a switching hub. Network switches are generally not applicable to passive networks. Because of their ability to form a bridge between networking components, they are also referred to as network bridges.

How a Network Switch Works: A switch can perform different functions, such as connecting network segments, monitoring network traffic, or passing IP traffic. The basic function of a switch is to connect the parts of a network, so when switches are installed properly they can deal with all the parts of the network, such as hubs, printers or any other networking device required for communication between two places. So the function of a network switch is quite similar to that of a routing device. Network switches are used to transfer data in the form of packets between two different devices present on a LAN. The main advantage of using a network switch instead of a router is that it can organize a network of more than 200 devices. During transmission the network switch also monitors the network traffic and manages the network. Different layers take part in networking through switches, each performing its particular function in transferring the data.

Types of Network Switch: There are different types of network switch based upon the form and the configuration. On the basis of their form they are categorized into rack mounted, chassis or catalyst switch etc. And on the basis of configuration they are differentiated into managed, unmanaged, smart or enterprise managed switches. Managed Switches: A type of network switch in which different types of methods are used to manage the different parts of the network and can able to upgrade the working and the performance of the switch with the help of common methods of management is called as the managed network switch. Unmanaged Network Switch: Basically these networking switches are designed for those customers that are not able to spend more money because those are less expensive. A type of network switch in which interface is not involved is called as unmanaged network switches. They are designed for the direct use. Smart Switches: Basically the smart network switches are the important types of managed switches in which the specific management features are discussed. Typically these switches re used for the networking devices such as VLANs. They also increase the working ability of the parts connected by the switches Advantages of Network Switch: Due to the reliable and the easy working of the network switches to manage the network by joining the different segments of the network. Some of the particular advantages of the network switching are given below
1. Network switches are very beneficial for the expansion of the network and can also help in decreasing the load on the individual systems.
2. They also help in maintaining and enhancing the performance of the network.
3. In networking, data is transmitted in the form of packets, and there is a chance of collisions between packets; network switches are able to avoid collisions between the datagrams.

en the networking components they are also referred to as the network bridge.

Hubs Vs Switches - Difference between hubs and switches

An important device that is required to build a connection between different systems so that they run as a single network is called a networking hub. All the working of a hub is carried out with the help of multiple access points. The main function of the networking hub is to deliver the data over the connected network in the form of electrical signals, and all the systems connected to the hub receive the required information or data, amplified.

Another important networking device that takes part in the transmission of data is the network switch. A switch is defined as the networking device that forms the bridge or connection between the different segments of a network to carry on its working and maintain its performance. Generally they provide no advantage to passive networks. Because of their ability to form a bridge between the segments, network switches are also called network bridges.

General Comparison between Networking Hubs and Switches (feature by feature, hubs versus switches):

Types

Hubs: On the basis of networking performance and construction, networking hubs are generally categorized into different types. Some of them are as follows:
1. Active hubs
2. Intelligent hubs
3. Passive hubs

Switches: Network switches also have different types that are really helpful in maintaining the performance and the working of the connected networks. Major types of switches are given below:
1. Managed switches
2. Unmanaged switches
3. Smart switches

Function

Hubs: The function of the hub generally depends upon the configuration and the installation of the networking devices with it. Networking hubs can perform different duties of connecting and managing networking devices such as printers. There are different ports present in the device through which the systems are connected. Traditional hubs can only support 4 or 5 ports, but a modern hub can provide 16 or 24 ports to the users for the expansion of the network.

Switches: Network switches can also perform work similar to hubs, but they differ in some aspects. The function that is similar to the hubs is that switches also help in connecting the different parts of a network, but the features that are different from networking hubs are as follows:
1. Switches are also able to monitor the whole networking traffic and manage the parts of the network well
2. They are also able to check and monitor the IP addresses passing through them
3. They are also able to perform routing properties like a router

Advantages

Hubs: Some important advantages of networking hubs are as follows:
1. Hubs are generally less expensive as compared to different types of other devices used for the same purposes
2. It is very convenient to build a home network with the help of hubs
3. Hubs give users the opportunity to use their old and otherwise useless equipment
4. Networking hubs are generally helpful in expanding the networking area

Switches: Network switches also have some advantages. These advantages are as follows:
1. Network switches are used to increase the bandwidth of the network
2. Switches also reduce the work load on the network
3. As data packets are involved in the transmission of the data, network switches also reduce the collisions between them
4. Network switches are also very helpful in increasing the performance of the whole network by decreasing the load on the individual computers
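The difference between a hub (which repeats every frame out of every port) and a switch (which learns where each MAC address lives and forwards only to that port) is the point of the comparison above. The following simulation is an added example written for this page, not code from the original text or from any product; it uses constructed MAC addresses and frames, and the class and function names (Hub, LearningSwitch, replay, compare) are assumptions for the illustration.

```python
"""Hub versus learning switch, simulated in memory.

Added example with constructed frames and MAC addresses; it illustrates
the forwarding behaviour described in the text and is not a model of any
real product."""
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """A hub is a repeater: every frame is copied out of every port except
    the one it arrived on, so all hosts share one collision domain."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.delivered = defaultdict(int)   # port -> frames sent out of it

    def receive(self, in_port, src, dst):
        out = [p for p in self.ports if p != in_port]
        for p in out:
            self.delivered[p] += 1
        return out


class LearningSwitch:
    """A switch learns which port each source MAC lives behind (its
    forwarding/CAM table) and then sends known unicast frames out of one
    port only; broadcasts and unknown destinations are flooded."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}                       # MAC -> port
        self.delivered = defaultdict(int)

    def receive(self, in_port, src, dst):
        self.cam[src] = in_port             # learn from the source address
        known = self.cam.get(dst)
        if dst == BROADCAST or known is None:
            out = [p for p in self.ports if p != in_port]   # flood
        elif known == in_port:
            out = []                        # destination is on the ingress segment
        else:
            out = [known]                   # forward to exactly one port
        for p in out:
            self.delivered[p] += 1
        return out


def replay(device, frames):
    """Feed (in_port, src_mac, dst_mac) frames through a device and return
    how many frames each port had to carry."""
    for frame in frames:
        device.receive(*frame)
    return dict(device.delivered)


# Constructed traffic: hosts A, B, C on ports 1-3; port 4 is an idle host.
A, B, C = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"
FRAMES = [
    (1, A, BROADCAST),   # A asks who has B's address (ARP-style broadcast)
    (2, B, A),           # B answers
    (1, A, B),           # A -> B data
    (1, A, B),
    (3, C, A),           # C -> A data
]


def compare():
    """Return total frames carried by each device, and what the idle host
    on port 4 had to process."""
    hub = replay(Hub([1, 2, 3, 4]), FRAMES)
    sw = replay(LearningSwitch([1, 2, 3, 4]), FRAMES)
    return {
        "hub_total": sum(hub.values()),
        "switch_total": sum(sw.values()),
        "hub_port4": hub.get(4, 0),
        "switch_port4": sw.get(4, 0),
    }


if __name__ == "__main__":
    print(compare())
```

The idle host on port 4 sees every frame on the hub but only the single broadcast on the switch, which is the "reduced load on individual computers" and "fewer collisions" claims of the table made concrete; it is also why a switched segment gives an eavesdropping host far less to look at than a hub does.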

What is TCP/IP ?
What is TCP/IP? TCP/IP is the protocol that allows the sharing of resources among cooperating computers across a network. The protocol was developed by a group of researchers centred around the ARPAnet. It is beyond doubt that the ARPAnet is still the best TCP/IP network. Interestingly, by June 1987 more than 130 vendors had equipment supporting TCP/IP, and the protocol was in use by thousands of networks.

DHCP (Dynamic Host Configuration Protocol) Basics

Dynamic Host Configuration Protocol (DHCP) is a standard protocol defined by RFC 1541 (which is superseded by RFC 2131) that allows a server to dynamically distribute IP addressing and configuration information to clients. Normally the DHCP server provides the client with at least this basic information:
IP Address
Subnet Mask
Default Gateway

Other information can be provided as well, such as Domain Name Service (DNS) server addresses and Windows Internet Name Service (WINS) server addresses. The system administrator configures the DHCP server with the options that are parsed out to the client.

What is DHCP and its Functions?

To build a network using TCP/IP, each individual station has to be configured. For larger networks this requires a lot of planning and work. To avoid this, you can use the Dynamic Host Configuration Protocol (DHCP) for automatic TCP/IP configuration. Apart from this, DHCP is also able to manage and distribute IP addresses dynamically, so a station does not necessarily have a fixed IP address assigned. A TCP/IP network needs the following settings for each station:
Assignment of a unique IP address
Assignment of a subnet mask
Assignment of the default gateway

Functioning of DHCP

DHCP follows a client-server model. The DHCP server has a pool of IP addresses, which it allocates to its clients. For larger networks the DHCP server also knows about the subnets and the default gateway. When a station with a DHCP-enabled client starts, its TCP/IP stack is first driven in a reduced mode: it has no valid IP address, no subnet mask and no default gateway. The only thing the client can do is send IP broadcasts. The DHCP client sends a UDP packet with the destination address 255.255.255.255 and a source address that is not yet valid, since the client has no address of its own. The destination serves as a broadcast address to reach any available DHCP server. The UDP packet contains the hardware address (MAC address) of the station. Each DHCP server that receives it answers with a UDP packet containing the following data:
MAC address of the client
Possible IP address
Duration (lease time) of the IP address
Subnet mask
IP address of the DHCP server (server ID)

From the offers of possibly more than one DHCP server, the DHCP client picks one IP address. It then sends an acceptance message to the chosen DHCP server. All other servers receive this message too and simply withdraw their offers in favour of the chosen server. Subsequently the DHCP server confirms the assignment of the IP address. Once the DHCP client has the confirmation, it stores the data locally. Finally, the TCP/IP stack is fully started. DHCP can hand the client not only the data for the TCP/IP network but other configuration as well.
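The four-message exchange described in the two paragraphs above (broadcast request, offers from every server, acceptance naming one server, confirmation from that server) is easier to follow with the packets in hand. The following in-memory model is an added example written for this page, not code from the original text; it encodes the messages in the RFC 2131 layout but uses no sockets, and the class and function names (DhcpServer, client_exchange, demo) and all addresses are constructed for the illustration.

```python
"""A minimal DHCP DISCOVER / OFFER / REQUEST / ACK exchange in the RFC 2131
packet layout, run entirely in memory (no sockets).

Added example with constructed addresses; a teaching model of the
exchange described above, not a production DHCP server."""
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"              # RFC 2131 options cookie
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
BOOTREQUEST, BOOTREPLY = 1, 2
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header


def ip(text):
    return ipaddress.IPv4Address(text).packed


def build(op, xid, mac, yiaddr, options):
    """Encode the fixed header plus TLV options. The client sends a
    DISCOVER from 0.0.0.0 to 255.255.255.255 (UDP 68 -> 67); that
    addressing belongs to the IP/UDP layers, not to this payload."""
    hdr = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0x8000,
                      ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip("0.0.0.0"),
                      mac.ljust(16, b"\0"), b"", b"")
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + opts + b"\xff"


def parse(pkt):
    """Decode a packet into the fields the text lists: op, xid, client MAC,
    offered address (yiaddr) and the option dictionary."""
    f = struct.unpack(HEADER, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xFF:        # 0xFF = end option
        if pkt[i] == 0:                           # 0 = pad
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "xid": f[4], "mac": f[11][:6],
            "yiaddr": str(ipaddress.IPv4Address(f[8])), "options": opts}


class DhcpServer:
    """Hands out addresses from a pool and remembers leases per MAC."""

    def __init__(self, server_ip, pool, mask, gateway, dns, lease=86400):
        self.server_ip, self.pool = server_ip, list(pool)
        self.mask, self.gateway, self.dns, self.lease = mask, gateway, dns, lease
        self.leases = {}                          # mac -> ip

    def _options(self, mtype):
        return [(53, bytes([mtype])), (1, ip(self.mask)), (3, ip(self.gateway)),
                (6, ip(self.dns)), (51, struct.pack("!I", self.lease)),
                (54, ip(self.server_ip))]

    def handle(self, pkt):
        """Return the reply packet, or None when there is nothing to say
        (no free address, or a REQUEST that names another server)."""
        msg = parse(pkt)
        mtype = msg["options"][53][0]
        if mtype == DISCOVER:
            offered = self.leases.get(msg["mac"]) or (self.pool[0] if self.pool else None)
            if offered is None:
                return None
            return build(BOOTREPLY, msg["xid"], msg["mac"], offered, self._options(OFFER))
        if mtype == REQUEST:
            if msg["options"].get(54) != ip(self.server_ip):
                return None                       # client chose another server
            wanted = str(ipaddress.IPv4Address(msg["options"][50]))
            if wanted not in self.pool and self.leases.get(msg["mac"]) != wanted:
                return build(BOOTREPLY, msg["xid"], msg["mac"], "0.0.0.0",
                             [(53, bytes([NAK])), (54, ip(self.server_ip))])
            if wanted in self.pool:
                self.pool.remove(wanted)
            self.leases[msg["mac"]] = wanted
            return build(BOOTREPLY, msg["xid"], msg["mac"], wanted, self._options(ACK))
        return None


def client_exchange(servers, mac=b"\x02\x00\x00\x00\x00\x01", xid=0x3903F326):
    """Client side: broadcast DISCOVER, take the first OFFER, broadcast a
    REQUEST naming that server, and read the configuration from the ACK."""
    discover = build(BOOTREQUEST, xid, mac, "0.0.0.0", [(53, bytes([DISCOVER]))])
    offers = [parse(r) for r in (s.handle(discover) for s in servers) if r]
    chosen = offers[0]
    request = build(BOOTREQUEST, xid, mac, "0.0.0.0",
                    [(53, bytes([REQUEST])), (50, ip(chosen["yiaddr"])),
                     (54, chosen["options"][54])])
    acks = [parse(r) for r in (s.handle(request) for s in servers) if r]
    o = acks[0]["options"]
    return {"offers": len(offers), "acks": len(acks), "ip": acks[0]["yiaddr"],
            "mask": str(ipaddress.IPv4Address(o[1])),
            "gateway": str(ipaddress.IPv4Address(o[3])),
            "lease": struct.unpack("!I", o[51])[0],
            "server": str(ipaddress.IPv4Address(o[54]))}


def demo():
    """Two constructed servers answer the same broadcast; only the chosen one ACKs."""
    a = DhcpServer("192.0.2.1", ["192.0.2.100", "192.0.2.101"],
                   "255.255.255.0", "192.0.2.254", "192.0.2.53")
    b = DhcpServer("198.51.100.1", ["198.51.100.100"],
                   "255.255.255.0", "198.51.100.254", "198.51.100.53")
    return client_exchange([a, b]), a, b


if __name__ == "__main__":
    print(demo()[0])
```

The server-identifier option (54) in the REQUEST is what lets the other servers withdraw their offers, and the OFFER carries exactly the fields listed above (client MAC in chaddr, the candidate address in yiaddr, lease time, subnet mask and server ID as options). Because the whole exchange is unauthenticated broadcast, any host on the segment can answer a DISCOVER, which is why rogue-DHCP detection and DHCP snooping on switches matter in practice.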

Read more:

1261289.html#ixzz1UeHDsQTl Under Creative Commons License: Attribution No Derivatives

Install a DNS server

Updated: January 21, 2005 Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To install a DNS server

1. Open Windows Components Wizard. In Components, select the Networking Services check box, and then click Details.

2. In Subcomponents of Networking Services, select the Domain Name System (DNS) check box, click OK, and then click Next.

3. If prompted, in Copy files from, type the full path to the distribution files, and then click OK.

Required files are copied to your hard disk.

Notes

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

To open the Windows Components Wizard, click Start, click Control Panel, double-click Add or Remove programs, and then click Add/Remove Windows Components. Certain Windows components require configuration before they can be used. If you installed one or more of these components but did not configure them, when you click Add/Remove Windows Components, a list of components that need to be configured is displayed. To start the Windows Components Wizard, click Components.

It is recommended that you manually configure the computer to use a static IP address. If the DNS server is configured to use DHCP-assigned dynamic addresses, when the DHCP server assigns a new IP address to the DNS server, the DNS clients configured to use that DNS server's previous IP address will be unable to resolve the previous IP address and locate the DNS server.

After you install a DNS server, you can decide how to administer it and its zones. Although you can use a text editor to make changes to server boot and zone files, this method is not recommended. The DNS console and the DNS command-line tool, dnscmd, simplify maintenance of these files and should be used whenever possible. Once you begin using console-based or command-line management of these files, manually editing them is not recommended. For more information, see Related Topics.

DNS zones stored in Active Directory can be administered using the DNS console or the dnscmd command-line tool only. These zones cannot be administered using a text editor.

If you uninstall a DNS server hosting Active Directory-integrated zones, these zones will be saved or deleted according to their storage type. For all storage types, the zone data is stored on other domain controllers or DNS servers and will not be deleted unless the DNS server that you uninstall is the last DNS server hosting that zone.

If you uninstall a DNS server hosting standard DNS zones, the zone files will remain in the systemroot\system32\Dns directory, but they will not be reloaded if the DNS server is reinstalled. If you create a new zone with the same name as an old zone, the old zone file is replaced with the new zone file.

When writing DNS server boot and zone data to text files, DNS servers use the Berkeley Internet Name Domain (BIND) file format recognized by legacy BIND 4 servers, not the more recent BIND 8 format.

Understanding Zone Types

Applies To: Windows Server 2008, Windows Server 2008 R2

The DNS Server service provides for three types of zones:
Primary zone
Secondary zone
Stub zone

Note: If the DNS server is also an Active Directory Domain Services (AD DS) domain controller, primary zones and stub zones can be stored in AD DS. See Understanding Active Directory Domain Services Integration for more information. The following sections describe each of these zone types.

Primary zone
When a zone that this DNS server hosts is a primary zone, the DNS server is the primary source for information about this zone, and it stores the master copy of zone data in a local file or in AD DS. When the zone is stored in a file, by default the primary zone file is named zone_name.dns and it is located in the %windir%\System32\Dns folder on the server.

Secondary zone
When a zone that this DNS server hosts is a secondary zone, this DNS server is a secondary source for information about this zone. The zone at this server must be obtained from another remote DNS server computer that also hosts the zone. This DNS server must have network access to the remote DNS server that supplies this server with updated information about the zone. Because a secondary zone is merely a copy of a primary zone that is hosted on another server, it cannot be stored in AD DS.

Stub zone
When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone.

You can use stub zones to:
Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the DNS server that hosts both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone.
Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers, without having to query the Internet or an internal root server for the DNS namespace.
Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not serve the same purpose as secondary zones, and they are not an alternative for enhancing redundancy and load sharing.

There are two lists of DNS servers involved in the loading and maintenance of a stub zone:
The list of master servers from which the DNS server loads and updates a stub zone. A master server may be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS servers for the zone.
The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name server (NS) resource records.

When a DNS server loads a stub zone, such as, it queries the master servers, which can be in different locations, for the necessary resource records of the authoritative servers for the zone. The list of master servers may contain a single server or multiple servers, and it can be changed anytime.

Understanding Zones
Applies To: Windows Server 2008, Windows Server 2008 R2 In addition to dividing your Domain Name System (DNS) namespace into domains, you can also divide your DNS namespace into zones that store name information about one or more DNS domains. A zone is the authoritative source for information about each DNS domain name that is included in the zone. A zone starts with a single DNS domain name. If other domains are added below the initial domain, these domains can either be part of the same zone or belong to another zone. That is, when you add a subdomain, you can either include it as part of the original zone, or you can delegate it away to another zone that you create to support the subdomain. For example, the following illustration shows the domain, which contains domain names for Microsoft. When the domain is first created at a single server, it is configured as a single zone for all of the Microsoft DNS namespace. If, however, the domain must use subdomains, those subdomains must be included in the zone or delegated away to another zone.

In this illustration, the domain has a new subdomain, the domain delegated away from the zone and managed in its own zone. However, the zone must contain a few resource records to provide the delegation information that references the DNS servers that are authoritative for the delegated subdomain. If the zone does not use delegation for a subdomain, any data for the subdomain remains part of the zone. For example, the subdomain is not delegated away, but it is managed by the zone.

Zone replication and transfers

Because of the important role that zones play in DNS, they must be available from more than one DNS server on the network so that they can provide availability and fault tolerance. Otherwise, if only a single server is available and that server is not responding, queries for names in the zone can fail. So that additional servers can host a zone, zone transfers are required for replication and synchronization of all copies of the zone that are used at each server that is configured to host the zone. When a new DNS server is added to the network and it is configured as a new secondary server for an existing zone, it performs a full initial transfer of the zone to obtain and replicate a full copy of resource records for the zone. Most earlier DNS server implementations use this same method of full transfer for a zone when the zone requires updating after changes are made to the zone. For DNS servers running Windows Server 2003 and Windows Server 2008, the DNS Server service supports incremental zone transfer, a revised DNS zone transfer process for intermediate changes. Incremental transfers provide a more efficient method of propagating zone changes and updates. Unlike in earlier DNS implementations in which any request for an update of zone data required a full transfer of the entire zone database, with incremental transfer the secondary server can pull only those zone changes that it needs to synchronize its copy of the zone with its source, either a primary or secondary copy of the zone that is maintained by another DNS server.
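Two ideas from the zone sections above are worth seeing on concrete data: which names a zone is authoritative for once a subdomain has been delegated away (the NS records at the cut point stay in the parent, everything below them does not), and how much less an incremental transfer moves than a full transfer when only a few records change between two SOA serials. The following is an added example written for this page, not code from the original text and not the Windows DNS Server implementation; the zone is constructed in a cut-down BIND-style text layout (owner, type, rdata on one line, "@" for the origin), and the names example.test, the record values and the function names are assumptions for the illustration.

```python
"""Delegation and full versus incremental zone transfer, on a toy DNS zone.

Added example on constructed zone data in a cut-down BIND text layout
('owner TYPE rdata', '@' = origin); it illustrates the text above and is
not the Windows DNS Server implementation."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    name: str    # fully qualified, lower case, trailing dot
    rtype: str
    rdata: str


def _origin(name):
    return name.lower().rstrip(".") + "."


def _fqdn(owner, origin):
    """Expand a zone-file owner name relative to the zone origin."""
    owner = owner.lower()
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin}"


def parse_zone(text, origin):
    """Return (soa_serial, frozenset of RR). The serial is the third SOA
    rdata field (mname rname serial refresh retry expire minimum)."""
    origin = _origin(origin)
    records, serial = set(), None
    for line in text.splitlines():
        line = line.split(";")[0].strip()          # drop comments
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        rr = RR(_fqdn(owner, origin), rtype.upper(), rdata.strip())
        if rr.rtype == "SOA":
            serial = int(rr.rdata.split()[2])
        records.add(rr)
    return serial, frozenset(records)


def delegation_points(records, origin):
    """Names below the origin that own NS records: each is a subdomain
    delegated away to another zone; the parent keeps only the NS records
    (plus glue) that reference the servers for it."""
    origin = _origin(origin)
    return {rr.name for rr in records if rr.rtype == "NS" and rr.name != origin}


def is_authoritative(records, origin, qname):
    """True when this zone is the authoritative source for qname: inside
    the origin and not at or below a delegation point."""
    origin, qname = _origin(origin), _origin(qname)
    if qname != origin and not qname.endswith("." + origin):
        return False
    return not any(qname == cut or qname.endswith("." + cut)
                   for cut in delegation_points(records, origin))


def full_transfer(new_records):
    """AXFR-style: the secondary receives the whole zone."""
    return set(new_records)


def incremental_transfer(old_serial, old_records, new_serial, new_records):
    """IXFR-style: only the records to delete and add to move the
    secondary from old_serial to new_serial; nothing when it is current."""
    if new_serial <= old_serial:
        return set(), set()
    return set(old_records - new_records), set(new_records - old_records)


# Constructed zone: example.test. The 'sales' subdomain is delegated away
# (NS + glue only); 'support' is not delegated and stays in this zone.
ZONE_V1 = """\
@ SOA ns1.example.test. hostmaster.example.test. 2024010101 3600 900 604800 86400
@ NS ns1.example.test.
ns1 A 192.0.2.1
www A 192.0.2.10
sales NS ns1.sales.example.test.
ns1.sales A 192.0.2.50
host1.support A 192.0.2.60
"""
# Next revision: serial bumped, www moved, mail added.
ZONE_V2 = (ZONE_V1.replace("2024010101", "2024010102")
                  .replace("www A 192.0.2.10", "www A 192.0.2.11")
           + "mail A 192.0.2.20\n")


def demo():
    s1, r1 = parse_zone(ZONE_V1, "example.test")
    s2, r2 = parse_zone(ZONE_V2, "example.test")
    deleted, added = incremental_transfer(s1, r1, s2, r2)
    return {
        "delegated": sorted(delegation_points(r1, "example.test")),
        "auth_www": is_authoritative(r1, "example.test", "www.example.test"),
        "auth_sales_host": is_authoritative(r1, "example.test", "pc1.sales.example.test"),
        "auth_support_host": is_authoritative(r1, "example.test", "host1.support.example.test"),
        "full_size": len(full_transfer(r2)),
        "ixfr_size": len(deleted) + len(added),
    }


if __name__ == "__main__":
    print(demo())
```

The serial comparison is the whole basis of the secondary's decision: a secondary whose serial already matches the master's pulls nothing, which is also why a serial that is not bumped after an edit leaves secondaries silently stale. Real IXFR additionally carries the old and new SOA records around each change set; the set difference here is the minimal form of that.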

Start a zone
Updated: January 21, 2005 Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To start a zone

Using the Windows interface Using a command line

Using the Windows interface

1. Open DNS.

2. In the console tree, click the applicable zone.

DNS/applicable DNS server/Forward Lookup Zones (or Reverse Lookup Zones)/applicable zone

3. On the Action menu, click Properties.

4. On the General tab, click Start, and then click OK.

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

To open DNS, click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS. By default, zones are started when created or loaded at the server. Only zones that have previously been paused need to be restarted.

Creating a Forward Lookup Zone

Updated: May 9, 2008

When the Domain Name System (DNS) server role is installed as part of creating a domain controller by installing Active Directory Domain Services (AD DS), the forward lookup zones that are required to support the domain are automatically created. Creating a forward lookup zone is only necessary when you create a DNS server that is not running on a domain controller or if you need to create a DNS domain that is not part of your Active Directory domain structure.

When you create a forward lookup zone, you must designate the zone as a primary, secondary, or stub zone:
A primary zone is a zone that is maintained on this server.
A secondary zone is a copy of a zone that is maintained on the primary server for the zone. Secondary zones help provide load balancing and fault tolerance for DNS zones.
A stub zone is a source only for information about the authoritative name servers for this zone, because it contains only pointers to other DNS servers that are authoritative for the zone.

For more information about zone types, see Managing a Forward Lookup Zone. Although a zone and a domain are logically separate, creating a zone begins with creating a domain. After you create a zone, you can then add additional domains (that is, subdomains) to the zone. Typically, the name of the zone and the name of the first domain in the zone are the same. After you add a subdomain to a zone, you can then manage and include it as part of the original zone records, or you can delegate it away to another zone that you create to support the subdomain. See Delegating a Zone for more information about zone delegation. When you create a zone, you can choose whether or not to allow dynamic updates (that is, automatic updates to the zone that occur when clients add their own resource records to or remove their resource records from the zone). You can configure Active Directory-integrated zones to accept only secure dynamic updates. To complete this task, perform the following procedure:

Add a Forward Lookup Zone

Add a Forward Lookup Zone

Updated: May 9, 2008 Forward lookup zones support the primary function of Domain Name System (DNS), that is, the resolution of host names to IP addresses. For more information, see Managing a Forward Lookup Zone. You can use this procedure to add a forward lookup zone using either the DNS Manager snap-in or the dnscmd command-line tool. Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at

Adding a forward lookup zone

Using the Windows interface Using a command line

To add a forward lookup zone using the Windows interface

1. Open DNS Manager. To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

2. In the console tree, right-click a DNS server, and then click New Zone to open the New Zone Wizard.

3. Follow the instructions in the wizard to create a new primary zone, secondary zone, or stub zone.

Add a reverse lookup zone

Updated: January 21, 2005 Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To add a reverse lookup zone

Using the Windows interface Using a command line

Using the Windows interface

1. Open DNS.

2. In the console tree, right-click a DNS server, and then click New Zone to open the New Zone Wizard.

3. Follow the instructions to create a new reverse lookup zone.

Add a stub zone

Published: January 21, 2005 Updated: August 25, 2010 Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To add a stub zone

Using the Windows interface Using a command line

Using the Windows interface

1. Open DNS.

2. In the console tree, right-click a DNS server, and then click New Zone to open the New Zone Wizard.

3. Follow the instructions to create a new stub zone.

Delete a zone

Updated: January 21, 2005 Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To delete a zone

Using the Windows interface Using a command line

Using the Windows interface

1. Open DNS.

2. In the console tree, click the applicable zone.

DNS/applicable DNS server/Forward Lookup Zones (or Reverse Lookup Zones)/applicable zone

3. On the Action menu, click Delete.

4. When asked to confirm that you want to delete the zone, click OK.

Deleting an Active Directory-integrated zone effectively deletes the zone and eliminates its use at all other DNS servers using the same directory store of zone data.

Create a secondary zone

Updated: March 2, 2005 Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Perform this procedure only on new domain controllers that are also DNS servers that are located in the child domain, not the forest root domain.

Administrative Credentials

To perform this procedure, you must be a member of the Domain Admins group.

To create a secondary zone

1. Open the DNS snap-in.

2. In the console tree, right-click the new domain controller and click New Zone.

3. In the New Zone Wizard, click Next to continue.

4. On the Zone Type page, select Secondary zone and click Next.

5. Ensure that Forward lookup zone is selected. Click Next.

6. For Zone name, type _msdcs.forestrootdomain (where forestrootdomain is the fully qualified domain name of the forest root domain), and click Next.

7. In the Master DNS Servers dialog box, enter the IP addresses of at least two DNS servers in the forest root domain. Click Next.

8. Review the settings you defined, and click Finish to close the wizard.

VPN

(pronounced as separate letters) Short for virtual private network, a network that is constructed by using public wires to connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

How is a server different from a desktop?
What are storage area networks?
Can I use a high-end desktop in place of a server?
How do you know when you need a server?
Do I need more than one server?

How is a Server Different From a Desktop?


Many people mistakenly believe that a server is no different from a typical desktop computer. This couldn't be further from the truth. While almost any computer that meets the minimum hardware requirements can run a server operating system that alone does not make a desktop computer a true server. Even if the desktop computer had similar processor speeds, memory and storage capacity compared to a server, it still isn't a replacement for a real server. The technologies behind them are engineered for different purposes

What are Storage Area Networks?

A Storage Area Network (SAN) is a high-speed subnetwork of shared storage devices. Many IT organizations today debate whether the advantages of implementing a storage area network (SAN) justify the associated costs. So, should you be moving away from your current storage strategy and towards a Storage Area Network (SAN)? Continue reading to learn about the storage area network and its role in modern network environments

Server vs. High-End PC

Once you've determined that your business needs a server, one of the first questions you should ask is whether or not you can use a high-end desktop instead of having to invest in a new server. This is a common question, especially during these times of limited resources and tight budgetary constraints. While a high-end PC can often work and function as a server in a pinch, especially for certain roles such as file serving, there are several reasons a dedicated server makes a better long-term investment. Some of a dedicated server's key advantages over a high-end PC include:
Reliability and Performance
Scalability
Security
Long-term Cost Savings

Do I Need More Than One Server?

When using a server for your small business, one benefit you'll realize is that a server can be customized and configured to meet your specific needs and budget. Many file and print servers (the most common type of server for small business needs) will not cost much more than a high-end desktop (see How is a Server Different from a Desktop?). Proper planning will ensure you purchase a server with enough power. The number of servers required depends on how much server processing power you need to support your number of users and applications you run.

How Much Will a Server Cost?

Once you've determined that your business needs a server, one of the first questions you're likely to have involves how much the new server will cost. While the server and its hardware costs are the numbers you're most likely to see quoted, in most cases these represent only a small part of the total cost of ownership for a new server. The three main components to a server's overall costs are:
- Cost of hardware
- Cost of server operating system and applications
- Cost to administer

Do I Need a Server?

Does your business have more than 5 employees? If your answer is Yes, then your business should be using a server network. Continue reading to better understand the benefits of server technology. While implementing a network is not a trivial or inexpensive undertaking, the benefits you gain by adding a server to your computing environment far outweigh any shortcomings.

Configure a VPN connection from a client computer

To set up a connection to a VPN, follow these steps:


1. On the computer that is running Windows XP, confirm that the connection to the Internet is correctly configured.

For more information about how to test your Internet configuration, click the following article number to view the article in the Microsoft Knowledge Base: 314067 ( ) How to troubleshoot TCP/IP connectivity with Windows XP

2. Click Start, and then click Control Panel.

3. In Control Panel, double-click Network Connections.

4. Click Create a new connection.

5. In the Network Connection Wizard, click Next.

6. Click Connect to the network at my workplace, and then click Next.

7. Click Virtual Private Network connection, and then click Next.

8. If you are prompted to, do one of the following:

If you use a dial-up connection to connect to the Internet, click Automatically dial this initial connection, and then click your dial-up Internet connection from the list.

If you use a full-time connection such as a cable modem, click Do not dial the initial connection.

9. Click Next.

10. Type the name of your company or type a descriptive name for the connection, and then click Next.

11. Type the host name or the Internet Protocol (IP) address of the computer that you want to connect to, and then click Next.

12. Click Anyone's use if you want the connection to be available to anyone who logs on to the computer, or click My use only to make it available only when you log on to the computer, and then click Next.

13. Click to select the Add a shortcut to this connection to my desktop check box if you want to create a shortcut on the desktop, and then click Finish.

14. If you are prompted to connect, click No.

15. In the Network Connections window, right-click the new connection.

16. Click Properties, and then configure more options for the connection:

If you are connecting to a domain, click the Options tab, and then click to select the Include Windows logon domain check box to specify whether to request Windows logon domain information before you try to connect.

If you want the computer to redial the connection if the line is dropped, click the Options tab, and then click to select the Redial if line is dropped check box.

To use the connection, follow these steps:

1. Use one of the following methods:

Click Start, point to Connect To, and then click the new connection.

If you added a connection shortcut to the desktop, double-click the shortcut on the desktop.

2. If you are not currently connected to the Internet, Windows offers to connect to the Internet.

3. After your computer connects to the Internet, the VPN server prompts you for your user name and password. Type your user name and password, and then click Connect. Your network resources should be available to you just like they are when you connect directly to the network.

To disconnect from the VPN, right-click the icon for the connection, and then click Disconnect.

Note If you cannot connect to shared resources on the remote network by computer, you can use the remote computer's IP address to connect by using UNC (\\<IP_Address>\Share_name). Edit the hosts file in the Windows\System32\Drivers\ folder, and add an entry to map the remote server's name to its IP address. Then use the computer name in a UNC connection (\\Server_name\Share_name).

How to Use System Restore

The System Restore feature of the Microsoft Windows Operating System is designed to return the computer to a known good state from prior to experiencing significant problems with the PC. Microsoft started deploying System Restore with the XP version of Windows in order to minimize the number of users who would need to conduct a full Operating System installation after experiencing significant computer issues.

How Does System Restore Work?

System Restore will automatically track significant updates and changes to the computer and create restore points. A restore point consists of a full copy of the computer's registry along with various system files required to restore the computer. Some events that will trigger automatic restore point generation include installing operating system updates, installing new drivers, updating software, and when major software programs are installed or updated. The latest versions of System Restore will also preserve data and media files stored in the My Pictures, My Music, and My Documents folders in order to prevent inadvertent deletion of personal files.

How to Restore Your Computer to a Past Date

Step 1 Choose the Start and All Programs menu buttons.

Step 2 Select the Accessories and Systems Tool options followed by clicking the System Restore menu choice.

Step 3 Choose the Restore My Computer to an Earlier Option menu choice on the opening dialogue screen.

Step 4 Select a day on the calendar or a bulleted option to restore the computer.

Step 5 Choose the Next menu button on the subsequent screen to continue with System Restore.

Step 6 Restart your computer after System Restore has completed running, and your computer will be restored to that point.

How to Create a System Restore Point

Although Windows automatically creates System Restore points, you can also manually generate one. In order to do so, conduct the following steps:

Step 1 Open the System Restore application per the steps stated earlier in this text.

Step 2 Choose the Create a Restore Point menu option on the initial program dialogue box followed by the Next menu button.

Step 3 Enter a descriptive name for the restore point followed by the Create menu button.

Step 4 Cancel the restore point creation by clicking the Back menu button. To continue with finalizing the restore point generation, follow the default menu prompts on the subsequent dialogue boxes.

How Firewalls Work

If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably heard the term firewall used. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall." If you have a fast Internet connection into your home (either a DSL connection or a cable modem), you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.

Firewalls have helped protect computers in large companies for years. Now, they're a critical component of home networks, as well. Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. As you read through this article, you will learn more about firewalls, how they work and what kinds of threats they can protect you from.

Routing (n.) In internetworking, the process of moving a packet of data from source to destination. Routing is usually performed by a dedicated device called a router. Routing is a key feature of the Internet because it enables messages to pass from one computer to another and eventually reach the target machine. Each intermediary computer performs routing by passing along the message to the next computer. Part of this process involves analyzing a routing table to determine the best path. Routing is often confused with bridging, which performs a similar function. The principal difference between the two is that bridging occurs at a lower level and is therefore more of a hardware function, whereas routing occurs at a higher level where the software component is more important. And because routing occurs at a higher level, it can perform more complex analysis to determine the optimal path for the packet.

Router (rowter) (n.) A device that forwards data packets along networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP's network. Routers are located at gateways, the places where two or more networks connect. Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols such as ICMP to communicate with each other and configure the best route between any two hosts. Very little filtering of data is done through routers. See "Common Router Settings" in the Quick Reference section of Webopedia. See also Webopedia's "Did You Know... Routers, Switches and Hubs: What's the Difference?"

How Routers Work

Keeping the Messages Moving

When you send e-mail to a friend on the other side of the country, how does the message know to end up on your friend's computer, rather than on one of the millions of other computers in the world? Much of the work to get a message from one computer to another is done by routers, because they're the crucial devices that let messages flow between networks, rather than within networks.

Let's look at what a very simple router might do. Imagine a small company that makes animated 3-D graphics for local television stations. There are 10 employees of the company, each with a computer. Four of the employees are animators, while the rest are in sales, accounting and management. The animators will need to send lots of very large files back and forth to one another as they work on projects. To do this, they'll use a network. When one animator sends a file to another, the very large file will use up most of the network's capacity, making the network run very slowly for other users. One of the reasons that a single intensive user can affect the entire network stems from the way that Ethernet works. Each information packet sent from a computer is seen by all the other computers on the local network. Each computer then examines the packet and decides whether it was meant for its address. This keeps the basic plan of the network simple, but has performance consequences as the size of the network or level of network activity increases. To keep the animators' work from interfering with that of the folks in the front office, the company sets up two separate networks, one for the animators and one for the rest of the company. A router links the two networks and connects both networks to the Internet.

Network Address Translation (NAT)

NAT is included as part of a router and is often part of a corporate firewall. Network administrators create a NAT table that does the global-to-local and local-to-global IP address mapping. NAT can also be used in conjunction with policy routing. NAT can be statically defined or it can be set up to dynamically translate from and to a pool of IP addresses. Cisco's version of NAT lets an administrator create tables that map:

A local IP address to one global IP address statically

A local IP address to any of a rotating pool of global IP addresses that a company may have

A local IP address plus a particular TCP port to a global IP address or one in a pool of them

A global IP address to any of a pool of local IP addresses on a round-robin basis

NAT is described in general terms in RFC 1631, which discusses NAT's relationship to Classless Interdomain Routing (CIDR) as a way to reduce the IP address depletion problem. NAT reduces the need for a large amount of publicly known IP addresses by creating a separation between publicly known and privately known IP addresses. CIDR aggregates publicly known IP addresses into blocks so that fewer IP addresses are wasted. In the end, both extend the use of IPv4 IP addresses for a few more years before IPv6 is generally supported.

Short for Network Address Translation, an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations. NAT serves three main purposes:

Provides a type of firewall by hiding internal IP addresses

Enables a company to use more internal IP addresses. Since they're used internally only, there's no possibility of conflict with IP addresses used by other companies and organizations.

Allows a company to combine multiple ISDN connections into a single Internet connection.

If you are reading this article, you are most likely connected to the Internet and viewing it at the HowStuffWorks Web site. There's a very good chance that you are using Network Address Translation (NAT) right now. The Internet has grown larger than anyone ever imagined it could be. Although the exact size is unknown, the current estimate is that there are about 100 million hosts and more than 350 million users actively on the Internet. That is more than the entire population of the United States! In fact, the rate of growth has been such that the Internet is effectively doubling in size each year. So what does the size of the Internet have to do with NAT? Everything! For a computer to communicate with other computers and Web servers on the Internet, it must have an IP address. An IP address (IP stands for Internet Protocol) is a unique 32-bit number that identifies the location of your computer on a network. Basically, it works like your street address -- as a way to find out exactly where you are and deliver information to you. When IP addressing first came out, everyone thought that there were plenty of addresses to cover any need. Theoretically, you could have 4,294,967,296 unique addresses (2^32). The actual number of available addresses is smaller (somewhere between 3.2 and 3.3 billion) because of the way that the addresses are separated into classes, and because some addresses are set aside for multicasting, testing or other special uses.

Network Address Translation helps improve security by reusing IP addresses. The NAT router translates traffic coming into and leaving the private network.

NAT Configuration
NAT can be configured in various ways. In the example below, the NAT router is configured to translate unregistered (inside, local) IP addresses, that reside on the private (inside) network, to registered IP addresses. This happens whenever a device on the inside with an unregistered address needs to communicate with the public (outside) network.
An ISP assigns a range of IP addresses to your company. The assigned block of addresses are registered, unique IP addresses and are called inside global addresses. Unregistered, private IP addresses are split into two groups. One is a small group (outside local addresses) that will be used by the NAT routers. The other, much larger group, known as inside local addresses, will be used on the stub domain. The outside local addresses are used to translate the unique IP addresses, known as outside global addresses, of devices on the public network.

IP addresses have different designations based on whether they are on the private network (stub domain) or on the public network (Internet), and whether the traffic is incoming or outgoing.

Most computers on the stub domain communicate with each other using the inside local addresses. Some computers on the stub domain communicate a lot outside the network. These computers have inside global addresses, which means that they do not require translation.

When a computer on the stub domain that has an inside local address wants to communicate outside the network, the packet goes to one of the NAT routers. The NAT router checks the routing table to see if it has an entry for the destination address. If it does, the NAT router then translates the packet and creates an entry for it in the address translation table. If the destination address is not in the routing table, the packet is dropped. Using an inside global address, the router sends the packet on to its destination.

A computer on the public network sends a packet to the private network. The source address on the packet is an outside global address. The destination address is an inside global address. The NAT router looks at the address translation table and determines that the destination address is in there, mapped to a computer on the stub domain. The NAT router translates the inside global address of the packet to the inside local address, and sends it to the destination computer.

NAT overloading utilizes a feature of the TCP/IP protocol stack, multiplexing, that allows a computer to maintain several concurrent connections with a remote computer (or computers) using different TCP or UDP ports. An IP packet has a header that contains the following information:

Source Address - The IP address of the originating computer

Source Port - The TCP or UDP port number assigned by the originating computer for this packet, such as Port 1080

Destination Address - The IP address of the receiving computer

Destination Port - The TCP or UDP port number that the originating computer is asking the receiving computer to open, such as Port 3021

The addresses specify the two machines at each end, while the port numbers ensure that the connection between the two computers has a unique identifier. The combination of these four numbers defines a single TCP/IP connection. Each port number uses 16 bits, which means that there are a possible 65,536 (2^16) values. Realistically, since different manufacturers map the ports in slightly different ways, you can expect to have about 4,000 ports available.
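To make the address translation table and the four-number connection identifier concrete, here is an added example (not code from the original text or from any router vendor) that simulates NAT overloading in Python: outbound packets from the stub domain get a table entry and the router's single inside global address, replies are matched against the table and translated back, and an inbound packet with no entry is dropped, which is the "type of firewall" effect described above. All addresses and port numbers are constructed sample values.

```python
# Minimal NAT overload (PAT) simulator. Packets are plain dicts with the four
# header fields the text lists: src, sport, dst, dport.
INSIDE_GLOBAL = "203.0.113.5"  # constructed: the router's one registered address


class NatOverload:
    def __init__(self, inside_global, first_port=1024):
        self.inside_global = inside_global
        self.next_port = first_port  # next free port on the global address
        # The address translation table, kept in both directions:
        self.out_table = {}  # (inside local ip, port) -> translated global port
        self.in_table = {}   # translated global port -> (inside local ip, port)

    def outbound(self, packet):
        """Translate a packet leaving the stub domain, adding a table entry
        the first time an (inside local ip, port) pair is seen."""
        key = (packet["src"], packet["sport"])
        if key not in self.out_table:
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[port] = key
        return {**packet, "src": self.inside_global, "sport": self.out_table[key]}

    def inbound(self, packet):
        """Translate a packet arriving from the public network back to the
        inside local address, or return None (drop) when no entry exists."""
        port = packet["dport"]
        if packet["dst"] != self.inside_global or port not in self.in_table:
            return None  # unsolicited traffic never reaches an inside host
        local_ip, local_port = self.in_table[port]
        return {**packet, "dst": local_ip, "dport": local_port}


def demo():
    """Two inside hosts reach the same web server from the same local port;
    the translated source ports keep the two connections distinct."""
    nat = NatOverload(INSIDE_GLOBAL)
    server = "198.51.100.7"  # constructed public web server address
    a = nat.outbound({"src": "192.168.1.10", "sport": 1080, "dst": server, "dport": 80})
    b = nat.outbound({"src": "192.168.1.11", "sport": 1080, "dst": server, "dport": 80})
    # The server's reply to the second connection is mapped back to host .11
    reply = nat.inbound({"src": server, "sport": 80, "dst": INSIDE_GLOBAL, "dport": b["sport"]})
    # A packet nobody asked for: no table entry, so it is dropped
    stray = nat.inbound({"src": "198.51.100.9", "sport": 4444, "dst": INSIDE_GLOBAL, "dport": 3021})
    return a, b, reply, stray
```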

With the explosion of the Internet and the increase in home networks and business networks, the number of available IP addresses is simply not enough. The obvious solution is to redesign the address format to allow for more possible addresses. This is being developed (called IPv6), but will take several years to implement because it requires modification of the entire infrastructure of the Internet. This is where NAT (RFC 1631) comes to the rescue. Network Address Translation allows a single device, such as a router, to act as an agent between the Internet (or "public network") and a local (or "private") network. This means that only a single, unique IP address is required to represent an entire group of computers. But the shortage of IP addresses is only one reason to use NAT. In this edition of HowStuffWorks, you will learn more about how NAT can benefit you. But first, let's take a closer look at NAT and exactly what it can do...

How Network Address Translation Works