You are on page 1of 30

Intro to Systems Administration


Table of Content
• Creating User Accounts • Creating Group accounts • Creating Computer Accounts • Group Policy • Disk Space, Sharing and Permissions • Disk Management

Creating User Accounts
In the Active Directory Users and Computers, one can manage or change the settings of user accounts. How to?
1.Click start -> Administrative Tools ->Active Directory Users and Computers. 2. Right click the users container -> New, and click User. 3. Enter Name and Last name, and then enter the User Logon name, e.g. petruss/ spetrus 4. Ensure that your domain is correct then click Next. 5. Enter your password twice to confirm it. (Complex Password) 6. Can choose then if user should change password at next Logon, or not.

which then sends it to all members of that group.Group Accounts Group accounts help to minimize the administrative effort associated with assigning rights and permissions to users with common needs. . 2) Distribution Groups q Are used when sending an e-mail to a group. You have two different types in Windows Server 2003 1) Security Groups q A Security Identifier (SID) that allows groups’ assigned permissions to resources as well as rights to perform various tasks defines this group.

• The Scope identifies the extent to which the group is applied in the domain tree or forest.Group Accounts : Scope • Whether a group is a security group or a distribution group. • Different Scopes • Universal • Global • Domain Local . it is characterized by a scope.

Enter the New Group Name in the box. click the member’s tab. then click OK to create the group. 2. and then choose the Group type. Use add button to add users or other groups to the group created. then click OK to close properties box.Then double click the group name to view its properties. 3. and click on Group. Right click the users container -> New. Security or Distribution. 4.Creating Group Objects 1. .Click start -> Administrative Tools -> Active Directory Users and Computers. select the group scope. local or global.

Then Click Finish and the new computer will appear in Computers container. In the Managed screen. 4.To create and manage Computer accounts. . Computers are also required to have accounts in Active Directory 1. 6. and click on Active Directory Users and Computers. Click start. and then click Next. Enter the workstation name. Right-Click the new Computer name. Right-click the computers container and then select New. 2. 3. 5. click Next. then click Computer. and click properties to view and change the settings of new computer. select Administrative Tools.

and groups of users. and for those that are part of a domain. desktops. domain. an administrator can use Group Policy to set policies that apply across a given site.Group Policy • Administrators use Group Policy to define options for managing configurations of servers. • Local policy settings can be applied to all machines. or range of organizational units (OUs) in the Active Directory “Introduction to Group Policy in Windows Server 2003 Microsoft Corporation Published: April 2003” .

Number of times a user can try to login before being locked out. • Passwords: . • To view group policies: 1. then click on Properties.Enforce password history. (After how many days should a user change their password. Click on the Group Policy tab. passwords and Kerberos etc.Group Policies Group policies deal with account lockouts. Right Click the Domain object in Active Directory Users and Computers. . defines the number of passwords to be unique before a user can reuse an old password.Enforce user logon restrictions using Key Distribution Center (KDC.) • Kerberos: . and then click on the Edit button to show account policies. 2. • Lockout: .

. disks and disk Storage Why have a network? • • • • The Sharing of network resources Network resources need to be secured Restrictions and permissions Administrator can limit certain groups and give complete control to others.Managing file access. (Windows Server 2003).

Centralized network resources through the use of shared folders There are two ways of creating shared folders: • • Creating a shared folder using Windows Explorer Creating a shared folder using Computer Management Console .Shared folders • • • These are data sources that have been made available over the network to authorized users.

4. Then Click OK. . Right click on folder -> Sharing and Security. click the share this folder radio button. In the sharing tab.Creating a shared folder using Windows Explorer 1. and folder should be shared. 5. To verify browse to your network folder and view shared folder. Open Windows explorer and create a new folder under c:drive. 2. 3. and the name of the share in the text box.

Click the + Symbol next to Shared Folders. .Creating a shared folder using Computer Management Console 1. type in folder or browse location. and click on Shares 3. At folder path. 6. 2. At Permissions screen choose permission type for folder then click finish. If folder does not exist you will be prompted to create by clicking Yes. Right click on My Computer and click on Manage. Right click the Shares folder and click New Share 4. then click Next 5.

Then select permissions Full Control. Read. Click on Add to select users. Then click Apply and OK. or Change. . Under Sharing and Security of folder click on Permissions. 3. 2.Implementing Shared Folder Permissions 1. 4. computer or groups to add.

Supports in practice from 2Terabytes to 16Terabytes. and it has no security features. supports for Active Directory. It has support for remote Storage. greater scalability. permissions on files and folders resources. c) NTFS File System: • Introduced in Win NT OS. . and has recovery logging of disk activities.g. • Win Server 2003 supports partitions for FAT up to 4GB of space. but is capable of addressing up to 16 Exabytes. • FAT has a partition size limitation. • Comes with better performance. and has the ability to configure security permissions. • Does not have any advanced security features e. b) FAT32 File System: • Supports much larger partitions up to 2Terabytes.Windows Server 2003 supports 3 types of file systems a) FAT File System: • Used by DOS and is supported by all Windows OS since.

his permissions are all permissions put together.NTFS Permissions • These permissions can only be applied on files and folders that exist in partitions formatted with NTFS file system. and child folders and files inherit permissions unless otherwise specified. that means if a user is member of different groups. and its cumulative. . • It can be set at file or folder level. • NTFS permissions are configured through the Security tab.

Then select permission for different users. select the Security tab 2. Read & Execute. only NTFS permissions apply. Click the advanced button. 6.Implementing NTFS Permissions 1. . Write etc. computer and groups. • When Shared folder and NTFS permissions are combined: • Over a network the most restrictive permission of the two becomes the effective permission. 5. Modify. to specify inheritable properties. 3. • When a file is accessed locally. Under the Sharing and Security of Folder. Read. For special permissions. either Full Control. Click the Add button to add user. click on Remove. To remove any Groups or Users. click advanced button and modify Permissions for users and groups. 4. Then Click Apply and the OK.

• Each partition acts as a separate storage on the disk. . any can be configured with FAT. as there are basically no restrictions to the number of volumes that can be implemented on the disk. only one can be marked as the active partition. • Dynamic Disks • Does not use partitions. because they provide additional features and capabilities. • Not restricted to the size initially configured. • If more then one primary partition is configured. FAT32 and NTFS. • Provides a new flexibility. but volumes instead.Disk Management : Windows 2003 Server supports two data storage types • Basic Disks • Uses traditional Disk management Techniques and contains primary and extended partitions and logical drives.

• Once created. meaning space that is left after primary partition has been created. • It is not formatted or does not have a drive letter assigned. The disk is described as logical because it does not actually exist as a single physical entity in its own right . • The active primary partition is where the computer looks for the hardware specific files to start the OS. it can be further divided into logical drives each getting their drive letter.Basic Disks Primary Partitions: • There are at least one configured on a drive • Usually contain the operating system start-up files at the beginning of the partition. • Can only be one extended partition on a standard basic Disk. Extended Partitions: • Created from space that is not yet partitioned.

can it be extended. Any new disks added then the spanned volume can be extended to include it. which can be extended by adding. Spanned volume: . Also increases performance.Consist of space of combining from 2 to 32 Dynamic Disks and treat all as single volume. Note!! If one disk fails.Is dedicated and formatted portion of disk space. unallocated space to the volume later. the entire volume is inaccessible.Extends the life of the hard disk drive by spreading data equally over two or more drives. Striped Volume: . because read and writing to disks is faster as it would have been with only one drive. thus reducing the number of drive letters. thus one drive does not work more then the other. Note!! Data can be lost if one or more disks in striped volume fail. . Note!! Only if formatted with NTFS. thus it is useful when storing large databases and data replication from one volume to another.Dynamic Disks Volume Types Simple volume: .

showing the properties page for the disk drive. In the lower right pane. Hardware. 5. 7. 1. 6. right click the drive and click properties. Expand Storage. Tools. Sharing. right Click Disk 0 and click Properties. The Policies tab is used to configure write caching and safe removal settings. Right-Click My Computer and click Manage.Managing partitions and volumes Managing your Disk properties using Disk Management Tool. 3. Shadow Copies. 8. Quota and Security to configure your drive. To check your drive properties. 2. Here you have different options like. . and click Disk Management. 4. The Volumes tab lists all partitions configured on the Disk The Driver tab allows you to view details about currently installed driver.

To Delete Partition. 4.Creating and Deleting a Primary Partition. 7. 1. 3. Then check Perform a Quick format and click Next and the Finish. Then assign the drive letter and click Next. right click Disk 0. and click Next. 6. In Disk Management. right Click the Volume and select Delete Partition. . Then select the Primary Partition radio button and click Next. Click Next. 2. Specify the size of the partition in MB. at New Partition Wizard. and click New Partition. 5.

Creating an extended Partition 1. and click New Partition. 4. Then select the Extended Partition radio button and click Next. Specify the size of the partition in MB. 3. and click Next and then Finish . In Disk Management. right click Disk 0. 2. Click Next. at New Partition Wizard.

right click Disk 0. 4. 6. Then select Format this partition with the following settings. Then select the Create new logical drive option and click Next. at New Partition Wizard. and click Next and then Finish. . Click Next. Select the drive letter and click Next. 3. type in the Volume label. 5. Then specify the size in MB. 2.Creating a logical Drive 1. In Disk Management. and click Next. and click New Logical Drive.

. 1. 3. If Disk Management Dialog appears the click Yes. Then Click Yes to confirm that the file systems on disk will be dismounted 7. 5. Right Click Disk 0 and click Convert to Dynamic Disk Then click OK. 6. Right-Click My Computer and click Manage. 2. Then computer will be rebooted when done. and click on Convert. and restore from backups later. so back-up your dynamic disk. Note !! To go back to basic disk.Converting a Basic Disk to a Dynamic Disk. 4. all volumes will have to be deleted. Expand Storage. and click Disk Management.

Your Server will include either 2-3 harddrives with RAID controllers. or for speed. • Lets look at the different levels of RAID setup. preventing data loss and enabling relatively uninterrupted access to data. • The Harddrives are controlled through these controllers depending on how it has been setup. • RAID is setup depending on level of fault tolerance.Disk Management: Fault Tolerant disk Strategies • Allows setup of the system to recover from hardware and software failure. . whether it be for backup. • Windows 2003 Server allows this fault tolerance through software RAID (Redundant Array of Independent Disks):.which is a set of standards for lengthening disk life.

RAID Levels 1) RAID level 0: . providing a means of duplicating the operating systems files in the event of disk failure.Used for simple mirroring. It places the backup on a different controller that is used by main disk.Uses an array of disks whereby the data is striped across all disks in the array. 2) RAID level 1: .Striping (Striped Volumes) with no other redundancy features. . it is just for extending disk life and improve performance. This RAID is much slower as all data has to be written twice. 3) RAID level 2: . and it contains errorcorrecting information on each to reconstruct data from a failed disk.

Includes striping. but stores the error correcting info only on one drive. 5) RAID level 4: . Recovery for this RAID provides same guarantee as with disk mirroring (level 1). the reconstructed file size is compared the checksum size. So when disk fails and data is reconstructed. so if that drive fails cannot reconstruct the data.Raid levels 4) RAID level 3: .Same as level 2. 6) RAID level 5: . . which is the sum of bits on a file. and has much faster read access then Level 1. However this RAID uses more memory then others. error correction and checksum verification. and all are spread across all of the disks.Same as level 2. but can perform checksum verification. and if the two don’t match then files might be corrupted.

downloaded programs. • DISK Cleanup: For removing of temporary internet files. • CONVERT: Command line utilities for converting file systems from FAT – FAT32 or volumes to the NTFS file system.locates fragmented folders and files and move them to a location on the physical disk in a contiguous order. To name a few: • Check Disk: Allows for scanning of disk for bad sectors and file system errors. which you access by opening the properties of a drive.Disk Maintenance and Management Utilities There are a variety of Utilities apart from the Disk Management Tool. . • Disk Defragmenter: . windows temporary files and installed programs no longer used. files in Recycle bin.

and Melissa Craft with Anthony Steven of Content Master. Jill Spealman.References • MCSE (Exam 70-294) Planning. Published by Microsoft Press 2006. and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure 2nd Edition. ISBN: 0-7356-2286-8 • Windows Server 2003 Weekend Crash Course Published by Wiley Publishing 2003. ISBN: 0596-00464-8 . ISBN: 0-7645-4925-1 • Active Directory Cookbook Published By O’Reilly 2003. Robbie Allen. Don Jones. Kurt Hudson. Implementing.