Professional Documents
Culture Documents
Module 12
2020
2. Login
3. Navigate to D:\Courses\COMP-10041\Scripts
6. Open VirtualBox
• Perform this procedure immediately starting every class unless told otherwise
2020
Multiple Accounts for the Network
Administrator
• An experienced network administrator knows that it
is important to have two working accounts:
1.Administrative account
− Only used when doing administration tasks
2.Regular user account
− Used except when performing admin tasks
− Reduces the chance of the administrator accidentally
altering network resources and settings for everyone when
a procedure was only intended to impact the
administrator’s personal environment
2020
Secondary Logon Feature
“Run as administrator”
• Typically, network administrators spend a lot of time logged
on with their regular user account
• There are many instances when a quick administrative task
needs to be performed and it’s inconvenient to log off the
regular account and log back on with the administrator
account, perform the task then log back on as a regular user
• There is a secondary logon feature that allows you to execute
a command as a different user than the currently logged on
user without having to log off first
• The “Run as administrator” option is used to access this
secondary logon feature
2020
Activity: Using the Secondary Logon Feature
• Here is a situation when the secondary logon feature would
be handy
– By default only members of the Administrators or the Server
Operators group can create shares on a server
• Log on with the Juned Painter account Password
(P&ssw0rd). (Juned has never logged in yet so you will need to change his password)
– Assume you want to add the Juned Painter account to the Server
Operators group
– The Juned Painter account does not have permission to add a user
to this group
– You don’t want log off and log back in again as an Administrator in
order to add the account to this group
2020
Activity: Using the Secondary Logon Feature
1. Select Start and begin typing Administrative Tools
2. Choose Active Directory Users and Computers
– The current user doesn’t have the Administrative Tools on their menu
3. Open Active Directory Users and Computers, locate any user and
attempt to make a change to their information
– You should not be successful
4. Close the console and from the Start button, once again begin to type
Active Directory Users and Computers
5. Right click on Active Directory User and Computers and select Run as
administrator
6. Provide the domain administrator’s name and password
(Anthony.Green, AdminP@ss)
2020
Activity: Using the Secondary Logon Feature
6. To verify that you are running this utility as the domain Administrator,
Anthony.Green and not as Juned Painter, start a Task Manager window
− i.e. CTRL, ALT, DELETE and select Task Manager or from the Run menu,
type taskmgr
• From this point on, any time you must perform a task requiring
administrative privileges that your current account does not have, you
can use the secondary logon feature to accomplish the task
2020
Activity: Using the Secondary Logon Feature
• Although right clicking on an application only gives you the option to
run as Administrator, you can run any application as any user
14. Select the Start button and type the following command exactly:
runas.exe /user:acme\tony.green notepad
15. When prompted, provide the password for Tony Green (P@ssw0rd)
16. Use Task Manager to determine that notepad is running under the name
Tony Green
17. Log off then log on to the acme.com domain as Tony Green (P@ssw0rd)
2020
Shared Folder Access
• In order to make network resources, such as
files and folders, available to remote users
on a network, those resources must be
configured to be shared
• Two sets of permissions control who can
access a share:
− Share permissions
− NTFS permissions
2020
Share Permissions versus NTFS Permissions
ADMIN$
C$
IPC$
NETLOGON
SYSVOL
2020
Purpose of Specific Special Shares
• What is the purpose for these special shares?
–Research the purpose for these special shares.
ADMIN$
______________________________________________________________________________________________________________________________
______________________________________________________________________________________________________________________________
IPC$ ______________________________________________________________________________________________________________________________
______________________________________________________________________________________________________________________________
NETLOGON
______________________________________________________________________________________________________________________________
______________________________________________________________________________________________________________________________
SYSVOL
______________________________________________________________________________________________________________________________
______________________________________________________________________________________________________________________________
DriveLetter$
______________________________________________________________________________________________________________________________
______________________________________________________________________________________________________________________________
2020
Hidden Shares
• By using a $ (dollar sign) as the last character
in the share name, the share will be hidden
• A hidden share cannot be seen when
browsing network resources with tools such
as Windows Explorer and Net View
• A share can be hidden but not necessarily be
a special share
2020
Activity: Mapping a Drive to a Hidden Share
• In the following procedures you will attempt to map a network drive to a hidden
share
10. You have just successfully mapped the local drive letter Z: to a network
share; now close the window
11. Open This PC
12. Double click the entry admin$ (\\acmeserver) (Z:)
− This is the reason for “mapping a drive” – to provide quick access to network
resources
• Now that you have connected to these shares, the # Client Connections to these
shares should have been updated in Computer Management
• Note the entry under # Client Connections for both the Corporate share and the
Admin$ share
2020
Activity: Determining the Number of
Connections to Shared Folders
• There should be 1 connection for the Corporate share
• This information is not dynamically updated and will need to be
refreshed in order to display the most recent information
5. Refresh the data by either clicking the Refresh option under Action or
pressing F5
2020
Activity: Determining Who is
Currently Connected to Shared Folders
6. Right click on the entry associated with the file and select Close Open File
− This file is now available for use by another user and will not have to be
opened in Read Only mode
2020
• You should now see the files and folders that are located on the root of
the C drive on the acmeserver
2020
Activity: Mapping Using an Alternate User
Account
• The Juned Painter account has not been given the permissions it needs to have
full access to the Corporate folder
• However, now that you are mapped to C:\ on the acmeserver with the
Administrator account, you will now be able to open the Corporate folder
• Since you’ve mapped to the acmeserver with the Administrator credentials, you
can now map to other shares on the acmeserver without providing those
credentials again