LECTURE 3

PREPARING TO ADMINISTER
A WORKSTATION
1
2

Involved Topics

 Authentication & Basic Cryptography

 Administering a Server
 Configuring Remote Desktop to
Administer a Server
 Managing Remote Desktop Connections
 3
What is Authentication?
• Verification of identity of someone who generated some data
• Relates to identity verification
• Classifications of identity verification:
• by something known e.g. password
• by something possessed e.g. smart card, passport
• by physical characteristics (biometrics) e.g. finger prints, palm
prints, retina, voice
• by a result of involuntary action : signature
 4
Authentication
• Requirements – must be able to verify that:
• Message came from apparent source or author
• Contents have not been altered
• Sometimes, it was sent at a certain time or sequence

• Protection against active attack (falsification of data and

transactions)
5
Password
• Protection of passwords
• Don’t keep your password to anybody
• Don’t write or login your password at everywhere
• Choosing a good password
• Criteria: Hard to guess and easy to remember
• Characteristics of a good password: Not shorter than six characters AND Not patterns
from the keyboard
• Calculations on password
• Password population, N =rs
• Probability of guessing a password = 1/N
• Probability of success, P=nt/N
6
Time taken to crack password
No. Total by human by 1MIPS
Characters Combination Comp

1 36 3 minutes .000018s

2 1300 2 hours .00065s

3 47000 3 days .02s

4 1700000 3 months 1s

5 60000000 10 years 30s

10 37x1014 580 Million years 59years

 7
Techniques for guessing passwords
• Try default passwords.
• Try all short words, 1 to 3 characters long.
• Try all the words in an electronic dictionary(60,000).
• Collect information about the user’s hobbies, family names,
birthday, etc.
• Try user’s phone number, social security number, street
address, etc.
• Try all license plate numbers
• Use a Trojan horse
• Tap the line between a remote user and the host system.
8
Password Selecting Strategies

User education

Computer-generated passwords

Reactive password checking

Proactive password checking

9
Example of Password
Based on the passwords given below, determine which
passwords are good or bad, include one reason for
each password:
❑UTeM1
❑hon05da
❑MyviT05
❑aleeyah
❑king
❑zamrud
10
Example of Password Calculation
Assume you choose character from a-z and 0-9 and
the number of characters required are 5.
 Determine how much time will be needed to get the
right password if your capability of your computer is 400
MIPS.
 Give your opinion/conclusion from this problem.
11
Cryptography Concept
• The idea of a cipher system is to disguise information
in such a way that its meaning is unintelligible to an
unauthorized person.

• The two most common uses are, probably, to store

data securely in a computer file or to transmit it
across an insecure channel such as the internet.

• Encrypted document does not prevent unauthorized

people gaining access to it but, rather, ensures that
they cannot understand what they see.
12
Cryptography Terminology
• plaintext - original message
• ciphertext - coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering ciphertext from plaintext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - study of principles/ methods of
deciphering ciphertext without knowing key
• cryptology - field of both cryptography and cryptanalysis
13
Cryptography Algorithms
• Classified along three independent dimensions:
• The type of operations used for transforming plaintext to
ciphertext

• The number of keys used

• symmetric (single key, or private-key encryption)
• asymmetric (two-keys, or public-key encryption)

• The way in which the plaintext is processed

14
Cryptography Algorithms
• Symmetric algorithms P=D(K,E(K,P))

• Asymmetric algorithms P=D(Kd, E(Ke, P))

15
Symmetric vs. Asymmetric
• If the system is symmetric, then there may be a need to distribute a
secret key value before secret messages can be exchanged.
• One of the most difficult aspects of obtaining a secure system.

• If the system is asymmetric, then it may be possible to avoid this

particular problem by distributing only the encryption keys, which
do not need to be secret.
• However it is then replaced by the problem of guaranteeing the authenticity
of each participant’s encryption key.
16
Symmetric Cryptography Principles
17
Symmetric Cryptography Requirements
• two requirements for secure use of symmetric encryption:
• a strong encryption algorithm
• a secret key known only to sender / receiver

• mathematically have:
• C = EK(P)
• P = DK(C)

• assume encryption algorithm is known

• implies a secure channel to distribute key
18
Public-Key Cryptography (Asymmetric) Principles
• The use of two keys has consequences in:
• key distribution, confidentiality and authentication.

• The scheme has six ingredients

• Plaintext
• Encryption algorithm
• Public key
• Private key
• Ciphertext
• Decryption algorithm
19
Encryption using Asymmetric Cryptography
20
Methods use in Cryptography Algorithm
 Substitution
 monoalphabetic substitution
Formed by shifting the letters of the original alphabet
 polyalphabetic substitution
Extension of monoalphabetic substitution system
Using Vigenere Tableau
 Transposition
 unkeyed transposition
Rearrange letters by using matrix
 keyed transposition
Rearrange letters by using matrix where the size of matrix is
determined by the length of the key used.
21
Caesar Ciphers
One of the earliest substitution cipher described by
Julius Caesar in the Gallic Wars.
In this cipher each of the letters A to W is encrypted by
being represented by the letter that occurs three
places after it in the alphabet.
Although Caesar used a ‘shift’ of 3, a similar effect
could have been achieve using any number from 1 to
25.
In fact any shift is now commonly regarded as
defining a Caesar Cipher.
22
Caesar Ciphers (Cont.)
 The encryption key and decryption key are both determined by a
shift but the encryption and decryption rules are different.

 We could have changed the formulation slightly to make the two

rules coincide and have different encryption and decryption
keys.
 A shift of 26 has the same effect as a shift of 0 and, for any shift from 0 to 25,
encryption with that shift is the same as decryption with the new shift
obtained by subtracting the original shift from 26.
 E.g: encryption with shift 8 is the same as decryption with shift 26 - 8 =18.
23

Plaintext A B C D E F G H I J K L M N

Ciphertext S T U V W X Y Z A B C D E F

Plaintext O P Q R S T U V W X Y Z

Ciphertext G H I J K L M N O P Q R
24
Caesar Ciphers (Cont.)
This enable us to use the same rule for encryption and
decryption with the decryption key 18 corresponding to the
encryption key 8.

 Caesar ciphers are vulnerable to exhaustive key search attack.

To work through all the 26 keys.

 Furthermore the key can be determined from knowledge of a

single pair of corresponding plaintext and ciphertext characters.
25
Example:
Decipher the following cryptogram. It was obtained from English text by using a simple
substitution cipher. What is the enciphering key?

FQJCB RWJWJ VNJAX BNKHJ WHXCQ

NAWJV NFXDU MBVNU UJBBF NNC
 26
Caesar Ciphers (Cont.)
 A single key search may not identify the key uniquely.
 It is much more likely merely to limit the number of possibilities by eliminating
some obviously wrong ones.

 An exhaustive search for the encryption key for cryptogram HSPPW yields two
possibilities that lead to complete English words for the assumed message.

 These shifts are 4, that gives DOLLS, and 11, that gives WHEEL.

 When this happens we need more information, possibly the context of the
message, or some extra ciphertext, before we can determine the key uniquely.
 27
Simple Substitution Ciphers (Random)
ABCD EFGH I J KLM
DI QMTB ZSYK VOF

NOPQ R S TUVW XYZ

ERJ A U WPXH L CNG

 For a Simple Substitution Ciphers (or monoalphabetic ciphers), we write the alphabet
in a randomly chosen order underneath the alphabet written in strict alphabetical
order.

 The encryption and decryption keys are equal.

 The encryption rule is ‘replace each letter by the one beneath it’ while the decryption
rule is the opposite procedure
28
Simple Substitution Ciphers (Cont.)
 The number of keys for a Simple Substitution Cipher is equal to the
number of ways in which the 26 letters of the alphabet can be
arranged.
It is called 26 factorial and is denoted by 26! It is 26 x 25 x 24 x … x 3
x 2 x 1 which equals 403,291,461,126,605,635,584,000,000 keys.

 Although having a large number of keys is a necessary requirement

for cryptography security, however having a large number of keys is
certainly no guarantee that the cipher system is strong.
29
Examples - Simple Substitution Ciphers
In the following examples we assume that the
cryptograms given have been intercepted by
someone who knows that the message is in English and
that a Simple Substitution Cipher was used:
Example 1: G WR W RWL
Example 2: HKC
Example 3: HATTPT
Example 4: HATTPT (Given that the message is the name of a
country)
30
Vigenère Ciphers
❑ The Vigenère Cipher (the best known of the manual polyalphabetic
cipher) uses a Vigenère Square to perform encryption.

❑ The left-hand (key) column of this square contains the English alphabet
and for each letter, the row determined by that letter contains a
rotation of the alphabet with that letter as the leading character.
 So each letter in the left-hand column gives a Caesar Cipher
whose shift is determined by that letter.
 Example: the letter g gives the Caesar Cipher with shift 6.
 31

Vigenere
Tableau
32
Example: Polyalphabetic Substitution Cipher

Based on Vigenere, get the ciphertext for the plaintext “A minutes success pays the
failure of years” in 4-letter words and “failure” as the repeating key. Use ‘x’ to pad out
the blanks.
33
Breaking vigenere cipher
This cipher was secure from about 1553 till 1854 (301 years!!!)

a.In 1854 Charles Babbage developed a test that succeeded

to attack this cipher.

b. In 1863 Friedrich Kasiski was the first to publish a successful attack on the
Vigenère cipher.

c. The primary weakness of the Vigenère cipher is the repeating nature of its key.
34
Transposition
Letter is rearranged
Letter are retain but moved from its position
Two type
Unkeyed single transposition
Keyed single transposition
35
Example: Unkeyed Single Transposition

Encrypt the plaintext : “there is no security on this

earth there is only opportunity” into a matrix of 10
(vertical) by 5 (horizontal).

Get the ciphertext horizontally, using 5- letter words.

36
Example: Keyed Single Transposition

 With the key “86423175”, encrypt the plaintext

“ignorance is the mother of admiration” using keyed
single transposition into 4 by 8 matrix. Use “x” to
pad out columns.
37
Administering a Server
 Group Memberships Used to Administer a Server
 What Is the Run As Command?
 How to Set Up Run As Shortcuts
 How to Use the Run As Command
 What Is Computer Management?
 How to Administer a Server Remotely by Using Computer
Management
 Role of MMC in Remote Administration
 How to Configure MMC to Manage a Server Remotely
38
Group Memberships Used to Administer a Server

Members of these groups are granted permissions to perform specific system tasks
Administrators should always be a member of a group that is the most restrictive

Built-in domain local

group Description
Administrators Performs all administrative tasks on clients and servers
Backup Operators Backs up, restores servers by using Backup
Creates, deletes, modifies user accounts and groups
Account Operators
Cannot modify Administrators group or any Operators groups
Server Operators Shares disk resources, backs up and restores files

Print Operators Sets up, manages network printers

39
What Is the Run As Command?
Use the Run as command to log on with a non-administrative account and still perform
administrative tasks
Run as allows a user to run specific tools and programs with different permissions than
the user's current logon provides
For most computer activity, log on as a user to perform routine tasks and use Run as to
perform administrative tasks

You can start Run as:

 In the user interface on the Start menu
 In Windows Explorer
 In the command line prompt
 40
•How to Set Up Run As Shortcuts
How to set up a Run as shortcut to:
Performance: 1. Right-click the desktop, point to New, and then click Shortcut.

2. On the Create Shortcut page, in the Type the location of the

item box, type runas /user:Nwtraders\administrator
"mmc%windir%\system32\perfmon.msc" and then click Next.

3. On the Select a Title for the program page, in the Type a name
for this shortcut box, type Performance and then click Finish.
 41
•How to Set Up Run As Shortcuts
How to set up a Run as shortcut to:
Computer Management runas /user:nwtraders\administrator
"mmc %windir%\system32\ compmgmt.msc"

Device Manager runas /user:nwtraders\administrator

"mmc %windir%\system32\ devmgmt.msc"

Disk Manager runas /user:nwtraders\administrator

"mmc %windir%\system32\ diskmgmt.msc"

Active Directory runas /user:nwtraders\administrator

“mmc %windir%\system32\dsa.msc”
MMC runas /user:nwtraders\administrator mmc
Command Prompt runas /user:nwtraders\administrator cmd
42
•How to Use the Run As Command
How to use the Run as command from:

The Start menu

Windows Explorer
The command line prompt
43
What Is Computer Management?
 A collection of administrative tools
 Use to manage remote and local computers

Tool Description
Monitor system events
Create and manages shared resources
System tools
View a list of users who are connected to a local or remote computer
View device configurations and adds new device drivers

Set properties for storage devices

Storage tools
Update disk information
Manage applications and services
Services and
Start and stop system services, such as Task Scheduler and Indexing
applications tools Service
44
How to Administer a Server Remotely by Using Computer
Management?

1. Log on as an administrator with a password of P@ssw0rd

2. On the Start menu, right-click My Computer, and then click Manage.
3. Right-click Computer Management (local), and then click Connect to another
computer.
4. Click Another Computer, type the name of the computer that you want to manage
remotely, or click Browse to locate the computer, and then click OK.
5. In Computer Management, in the console tree, expand either System Tools, or
Storage, or Services and Applications.
6. Click the item, and then select the tools that you want to use.
 45
Role of MMC in Remote Administration

 Microsoft Management Console

◦ An application that provides a graphical-user interface (GUI) and a programming
framework in which consoles (collections of administrative tools) can be created,
saved, and opened.
◦ Consoles are used to manage Windows-based hardware, software, and networking
components, and include items such as controls, wizards, tasks, documentation, and
snap-ins.

 Why Use MMC in remote administration?

◦ Use for tasks frequently accomplished on remote computers
◦ Use to manage similar tasks on many remote computers
How MMC Works?
46

Administrators use the Group Policy MMC snap-in to specify options for managed desktop configurations for groups of computers
and users. Group Policy provides options for registry-based policy settings, security settings, software installation, scripts, and
folder redirection. The Group Policy settings that administrators create are contained in a Group Policy object (GPO) that is in turn
associated with selected Active Directory containers: sites, domains, and organizational units (OUs).

Administrators can also set local Group Policy for computers that are not members of a domain. To set local Group Policy,
administrators use the Group Policy snap-in focused on the local computer.
 47
Benefits of MMC
 Task Orientation: The tools being defined to work with MMC are task oriented in nature—they cater to the task
being performed rather than merely displaying the raw objects that can be manipulated. Also, because
administrators can customize their own tools, using pieces from various vendors, they can create tools that
contain only the UI they need to complete their tasks.

 Integration: The UI for all the management tasks an administrator must perform are collected into a single
console. As new applications are added to a computer or network, their administration is integrated into the
existing administration common console.

 Customization of Consoles: Administrators can create custom consoles tailored to their particular
management needs. This is useful in enterprise environments that divide administrator groups according to
duties. For example, you can create a custom console for software installation and maintenance, another
one for scripts administrators, another one for security Group Policy, and so on.
 48
Benefits of MMC
 Delegation: Administrators can easily modify existing tools to create new tools with reduced functionality and
less complex views of the tool namespace, then give these tools to others. A person who receives such a tool
is presented with a simpler, more manageable view of the tasks they are being asked to perform.

 Overall Interface Simplification: All tools built for MMC, from Microsoft or third-party software vendors, will have
a similar appearance, making it easier for users to use all tools after learning one. Because you can mix and
match tools from any vendor, you can use the best tool from each management product category. MMC
also enables a single piece of software to provide functionality across the interface in a consistent manner.

 Extensibility: Developers can extend the base functionality of MMC snap-ins by creating extension snap-ins.
This allows software vendors to reuse Microsoft tools without writing a lot of code. Various mechanisms are
available for extending snap-ins, including extending the namespace, context menus, toolbars, Property
pages, and creating Wizard 97-style pages.
Example of snap-in: The administrator is concerned with
49

managing security.
 Security Templates—Administrators use this snap-in to view, configure, and apply the full
range of system security to a local computer. Administrators can also import the security
templates to a Group Policy object associated with a site, domain, or organizational unit. All
computers and users in the site, domain, or organizational unit to which the Group Policy
object is applied will receive the security template settings. A Security Template includes
security settings for the following:
 Security Policies: Includes account and local policies. Account Policies includes security
for passwords, account lockouts, and Kerberos policies. Local Policies includes user rights,
and logging for security events.
 Restricted Groups: Local group membership administration.
 Registry: Security for local registry keys.
 File System: Security for the local file system.
 System Services: Security and startup mode for local services.
 50
How to Configure MMC to Manage a Server Remotely

1. Open Microsoft Management Console.

2. On the File menu, click Add/Remove Snap-in, and then click Add.
3. In the snap-in list, click Computer Management, and then click Add.
4. When prompted, select the local computer or remote computer that you want to
manage by using this snap-in, and then click Finish.
5. Click Close and then click OK.
51
Configuring Remote Desktop to Administer a Server

 What Is Remote Desktop for Administration?

 Why Use Remote Desktop for Administration?
 Requirements for Remote Desktop Service
 How to Enable Remote Desktop?
 Client Preferences for Remote Desktop Connection
 Remote Desktop Connection vs. Remote Desktops
 How to Connect to a Remote Server?
 Guidelines for Using Remote Administration Tools
 52
What Is Remote Desktop for Administration?
Terminal Services
Remote Desktop Protocol
(LAN, WAN, or dial-up connection)

LAN

Remote Desktop Service

enabled on Windows
Administrator Server 2003

Remote computer
running Remote
Desktop Connection
 53
Why Use Remote Desktop for Administration?

Provide remote access to most configuration settings

Diagnose a problem and test multiple solutions quickly
Allow access to servers from anywhere in the world
Perform time-consuming batch administrative jobs, such as tape backups
Upgrade server applications and operating systems remotely
 54
What Are the Requirements for Remote Desktop Service?

Remote Desktop Service must be enabled locally on the remote server

Remote Desktop Service must be configured to allow users to connect
remotely to the server
Systems administrators must have the appropriate permissions to
administer the server
By default, the administrator has remote connection privileges to the
remote server
 55
•How to Enable Remote Desktop

1. Log on as Administrator.
2. On the Start menu, right-click My Computer.
3. Click Properties.
4. Click Remote.
5. Select the Allow users to connect remotely to this
computer check box.
What Are Client Preferences for Remote Desktop
Connection?

 Remote Desktop Connection

preferences
◦ General
◦ Display characteristics
◦ Local Resources
◦ Programs
◦ Experience
 57
Remote Desktop Connection vs. Remote Desktops
Service Functions
Connects to one server (running Remote Desktop) per session
 You can run multiple connections if you run multiple copies of Remote Desktop
Remote Desktop Connection
Connection  Console tree displays name of server
Each connection can be displayed full screen or in a window
Opens a remote session to a server by default
Connects to multiple servers simultaneously
Each connection is displayed in the MMC console:
Remote Desktops  Console tree displays name of server
 Details pane displays remote session
Opens the console session by default
 58
How to Connect to a Remote Server?

Connect to a remote server using Remote Desktop Connection

Connect to the console session on a remote server
Connect to a remote server using the mstsc command line tool
59
Guidelines for Using Remote Administration Tools

Tool Use to:

Computer Manage and monitor server events, performance, shared folders,
Management data storage and start and stop services

Remote Desktop for

Perform all tasks as if you were at the remote server console
Administration
60
Managing Remote Desktop Connections

 What Are Timeout Settings for Remote Desktop Connections?

 How to Configure Timeout Settings for Remote Connections
 What Is Terminal Services Manager?
 How to Manage and Monitor Sessions Using Terminal Services
Manager
61
Managing Remote Desktop Connections

 What Are Timeout Settings for Remote Desktop Connections?

 How to Configure Timeout Settings for Remote Connections
 What Is Terminal Services Manager?
 How to Manage and Monitor Sessions Using Terminal Services
Manager
62
What Are Timeout Settings for Remote Desktop Connections?
 Specifies how long client sessions can remain active on the server
Connection sessions remain open after the Remote Desktop window is closed on
the client computer
Configure timeout settings to reset the session or log off the user
 Use timeout settings to prevent a remote connection from consuming valuable
server resources

Timeout Settings Description

End a disconnected session Forces a user to log off after disconnecting
Active session limit Disconnects the user after the time limit is exceeded

Idle session limit Disconnects the user after the amount of idle time is exceeded
63
How to Configure Timeout Settings for Remote Connections

1. Click Start.
2. On the Administrative Tools menu, click Terminal Services
Configuration.
3. In the details pane, right-click RDP-Tcp, and then click Properties.
4. On the Sessions tab, select the first Override user settings check box.
5. Adjust the appropriate settings:
6. End a disconnected session
7. Active session limit
8. Idle session limit
64
What Is Terminal Services Manager?
 Monitors user sessions
 Manually forces user logoff or session disconnect
 You can oversee all users and sessions on a server from one location
65
How to Manage Sessions by Using Terminal Services Manager

Monitor a remote session

Log off a remote session
Disconnect a remote session
Log off a disconnected session
 66
Roadmap/Mind Map