NETWORKING MATERIAL

BEACONBYTES
http://www.amjad-hr.blogspot.com

NETWORKING:- Connecting devices through a transmission medium (cable/wireless) is called a network; its purpose is sharing resources such as files, folders, printers and other things.
DIFFERENT TYPES OF NETWORKS:-
LAN:- local area network
CAN:- campus area network
MAN:- metropolitan area network
WAN:- wide area network
LAN:- In a LAN, PCs are connected through a transmission medium in one building.
CAN:- In a CAN we connect different buildings through a transmission medium; this can support up to 10 km only.
MAN:- In a MAN we connect different buildings within a metropolitan area using access points; it supports only up to 100 km.
WAN:- A WAN is a LAN of LANs. In a WAN we connect PCs through a PSTN line. WAN is of two types: 1) public network (internet) 2) private network (enterprise network).
NETWORKING COMPONENTS
CLIENT:- Clients are the network computers without a hard disk, CD-ROM drive or floppy drive; they access the resources of the server.
SERVER:- A server is a computer that provides services (shared resources like CD-ROM, floppy drive, printer, folder) to connected clients.
NODE:- A node is a device such as a client, server, printer or scanner which is exchanging information in the network.
HOST:- Any device (PC/printer/fax/scanner) connected using a TCP/IP network is called a HOST. Every host has a unique name; the maximum length of a host name is 15 characters.
SEGMENT:- A connection from a system to a HUB is called a segment.
PEER-TO-PEER NETWORK:- In this, all PCs are connected to each other using transmission media and a HUB or switch. These PCs share resources; there is no centralized administrator. Every PC acts as both a client and a server. There is no security in this network.
SERVER BASED NETWORK:- In this network PCs are connected to each other and share resources (CD-ROM, printer, files and folders). One PC controls the complete network and is called the server; the other PCs are called clients. High security is available in this network.
PSTN:- public switched telephone network
NIC:- network interface card

FOR CREATING A LAN WE REQUIRE
Hardware: PCs, NIC, transmission media (wire and wireless), connectors
Software: network OS, NIC drivers, protocols
SERVER OS FROM DIFFERENT COMPANIES
Microsoft: Windows NT (first server OS), Windows 2000 Server, Windows 2003 Server
Unix: Sun Solaris, HP Unix, SCO Unix
Linux: Red Hat ES and AS
Novell: Novell NetWare
IBM: Lotus Notes
COMMUNICATION PROTOCOLS
NetBIOS – Windows to Windows
IPX/SPX – Novell to Novell NetWare
TCP/IP – every OS (universal protocol)
LAN TOPOLOGY:- The structure of the layout of the network is called the topology of the network.
NETWORK TOPOLOGY:- It is divided into two types:
PHYSICAL TOPOLOGY:- It explains the actual physical layout of the network.
LOGICAL TOPOLOGY:- It explains the logical flow of the data through the network.
TOPOLOGIES ARE OF FIVE TYPES:-
Bus topology
Ring topology
Star topology
Mesh topology
Hybrid topology
BUS TOPOLOGY:- In this, transmission is very slow and there is a possibility of data loss; only one system at a time can transmit data in the network. If one connection is damaged, the complete network is damaged.
RING TOPOLOGY:- In this, data flows in the form of packets. Every packet contains the destination address, source address and data. If one connection is damaged, the complete network is damaged.
STAR TOPOLOGY:- In this topology multiple data transmissions can happen. If one connection fails, your network is never affected.

MESH TOPOLOGY:- In this topology every server is directly connected with every other server. ATMs work on this kind of network only. It is very costly and very fast, and is used only between servers.

HYBRID TOPOLOGY:- A mix of bus, ring, star and mesh topologies is called a hybrid topology.
TECHNOLOGY DEPENDS ON TOPOLOGY:-
ETHERNET TECHNOLOGY:- In star topology we use Ethernet technology NIC cards.
TOKEN RING:- For connecting a ring topology we use Token Ring NIC cards.
NIC CARD:- A NIC card is an interface which connects your system to the transmission media. A NIC card contains 3 ports: 1) AUI port 2) RJ-45 3) BNC
AUI:- (Attachment unit interface) This is the universal connector; Sun machines and other branded computers like DELL and IBM all use this port. The AUI port is a 15-pin female port.
RJ-45:- This is an 8-pin port; we use Cat 5 cable to connect to the RJ-45 port.
BNC:- This port is used by cable net providers.
MANUFACTURERS OF NIC CARDS:- VIA, INTEL, REAL TECH(RIL), 3.COM, D-LINK, BST LINK.
TRANSMISSION OR DB15 CONNECTOR:- This connector converts the AUI port to an RJ-45 port.
FRAMES:- Data flows through the network in the form of frames.
MAC ADDRESS:- Every Ethernet card stores one MAC address; MAC means media access control. This MAC address is permanently stored in your NIC card. It is a 48-bit address; we can view this address on our PC in 12bit hexadecimal format. IEEE provides this MAC address. The MAC address is the physical address of your computer. When a system broadcasts data, that data's target address is always ffffffffffff (12 f's in total); that is the broadcast MAC address.
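The MAC address format described above, as an added example that is not part of the original notes: it normalizes the common written forms of a 48-bit address, recognizes the all-f broadcast address, and reads a constructed sample in the layout of the Windows `arp -a` command mentioned later on this page. It goes beyond the text by also decoding the two flag bits in the first octet (group and locally administered), which show whether an address is a vendor-assigned unicast address; the function names and sample addresses are assumptions made for illustration.

```python
import re

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample in the layout printed by the Windows `arp -a` command.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0x4
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.50          02-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One table row: IPv4 address, dash-separated MAC, entry type.
ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+(\w+)"
)


def normalize_mac(text):
    """Accept 00-1A-2B-3C-4D-5E, 00:1a:2b:3c:4d:5e, 001a.2b3c.4d5e or bare hex."""
    digits = re.sub(r"[:\-.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def describe_mac(text):
    """Split a MAC address into its parts and decode the first-octet flags."""
    mac = normalize_mac(text)
    first_octet = int(mac[:2], 16)
    return {
        "mac": mac,
        "broadcast": mac == BROADCAST,
        # Lowest bit of the first octet: set for multicast and broadcast.
        "group": bool(first_octet & 0x01),
        # Second-lowest bit: set when the address was assigned locally
        # (by software or an administrator) instead of by the vendor.
        "locally_administered": bool(first_octet & 0x02),
        "oui": mac[:8],            # first 24 bits, the IEEE-assigned vendor prefix
        "nic_specific": mac[9:],   # last 24 bits, chosen by the vendor
    }


def parse_arp_table(text):
    """Return one decoded entry per address row; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ARP_LINE.match(line)
        if match:
            info = describe_mac(match.group(2))
            info["ip"] = match.group(1)
            info["type"] = match.group(3)
            entries.append(info)
    return entries


if __name__ == "__main__":
    for entry in parse_arp_table(SAMPLE_ARP_OUTPUT):
        flags = [name for name in ("broadcast", "group", "locally_administered")
                 if entry[name]]
        print(entry["ip"], entry["mac"], ",".join(flags) or "vendor-assigned unicast")
```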

TRANSMISSION MEDIA:- There are two types: 1) wireless transmission media 2) cable transmission media.
WIRELESS TRANSMISSION MEDIA:- In this, data flows through electromagnetic waves, radio waves, microwaves and infrared waves.
BANDWIDTH:- The data flowing through the cable at any point of time is called bandwidth. Media bandwidth is of two types: 1) base band 2) broad band
BASE BAND:- Through base band only one signal is transmitted at a time. We use base band for digital data transmission; it is more secure than broad band.
BROAD BAND:- Through broad band a number of signals are transmitted at different frequencies through a single cable. It is very slow and not secure.
SIGNALING SPEED:- (clock speed) Increasing the signaling speed is used to increase the bandwidth; this speed is measured in MHz.
Bandwidth = no. of bits * clock speed.
Cables are of three types: 1) twisted pair 2) coaxial cable 3) fiber optics
COAXIAL CABLE:- In this, data flows through a single copper wire. The disadvantage of coaxial cable is that any damage causes data loss and there will be a lot of noise. There are two types:
a) THIN CABLE:- 10Base2, used by cable TV.
b) THICK CABLE:- 10Base5, used by cable net.
10Base2 bandwidth is 10 Mbps and it supports up to 200 meters.
10Base5 bandwidth is 10 Mbps and it supports up to 500 meters.
We use a BNC connector for connecting co-axial cable.
TWISTED PAIR:- Twisted pair is divided into 2 types: 1) UTP cable 2) STP cable
STP cable is more secure than UTP cable because STP cable has shield protection. UTP cable has the following types:
1) CAT1
2) CAT2:- This is used to connect telephone lines.
3) CAT4:-
4) CAT5:- This is used to connect networks; it supports up to 230 meters.
5) CAT5E:- This supports up to 300 meters.
6) CAT6:- This supports above 300 meters.
For Cat 5, 5E and 6 we use the RJ-45 connector; for Cat 2 we use the RJ-11 connector. The speed of Cat 5 cable is 100 Mbps. A modem contains an RJ-11 connector; an Ethernet card contains an RJ-45 connector.
FIBER OPTIC CABLE:- This supports more than 2 km. In fiber optic cable data flows in the form of light at a speed of more than 100 Mbps. For connecting a CAN network we use this cable.
STRAIGHT CABLE:- We use a straight cable for connecting different devices, e.g. a PC on one side and a HUB on the other side.

CROSS CABLE:- Using a cross cable we connect devices of the same kind, e.g. two PCs.

MEDIA ACCESS OF ETHERNET:- The method of sending data through the network cable is called media access; the media is the cable which is used to send the data.
MEDIA ACCESS IS OF THREE TYPES:-
1) Contention based
2) Token ring
3) Demand priority
CONTENTION BASED:- This method works depending on the following two commands.
CSMA/CD:- carrier service multiple access collision detection.
CSMA/CA:- carrier service multiple access collision avoidance.
COLLISION:- A collision happens when two packets crash together.
TERMINATOR:- Terminators are used to prevent signal bounce and collisions.
TOKEN RING METHOD:- This method was designed by IBM; it is also called the zero collision method. Data can be sent by the computer which is holding the token. The device used in this is called MSAU (Multi station access unit).
DEMAND PRIORITY:- This is 100VG-AnyLAN (100 voice grade any LAN); this is a device which connects all the computers.
CABLES AND SPEEDS:-
CABLE STANDARDS
The name of each standard has three parts (1 2 3), for example: 10 Base T, 100 Base T, 1000 Base T, 10 Base 2, 10 Base 5, 1000 Base FX.
1. Data transfer speed
2. Broadband or base band
3. Type of cable: (T) UTP, (2, 5) co-axial, (FX) fiber optic
10Base2: thin Ethernet or thin net.
10Base5: thick Ethernet or thick net.
IEEE:- 802 – this group works on LAN/WAN.
802 SUB GROUPS:-
802.3 – Ethernet
802.11 – Wireless at the speeds 11, 25, 5 Mbps.
802.5 – Token ring method at the speeds 4, 16 Mbps.
802.3 – This group uses the CSMA/CD, CSMA/CA technology.
Under 802.3 there are two groups:
1) Slow Ethernet at the speed 10 Mbps.
2) Fast Ethernet at the speed 100 Mbps.
Any type of cable can be used for this.
ISO/OSI:- International standard organization open system interface.
It is a reference model: a structured layer concept that is referred to for communication in a network. This reference model is called open system interface, meaning every system should be able to communicate with every other system. This model is governed by a group formed from different organizations; that organization is called ISO.
ISO/OSI MODEL HAS 7 LAYERS:-
7. Application layer
6. Presentation layer
5. Session layer
4. Transport layer
3. Network layer
2. Data link layer
1. Physical layer
7) APPLICATION LAYER:- It is the user-interacting layer, in which the user interacts with all sending applications. The protocols which work at this layer are HTTP (hyper text transfer protocol), FTP (file transfer protocol) and SNMP (simple network management protocol).
6) PRESENTATION LAYER:- In this layer data is sent in the appropriate format; encoding, decoding and compression work in this layer (extensions such as DOC, PPT, XLS, Tabular, MP3, MPEG, VOJ).
5) SESSION LAYER:- Creating, maintaining and disconnecting the session, as well as the mode in which data is sent, such as simplex and duplex (half, full).
4) TRANSPORT LAYER:- It is the core layer, in which transmission and retransmission of data happen with acknowledgement. Data is divided into segments. The protocols which work at this layer are TCP and UDP.
3) NETWORK LAYER:- In this layer segments are converted into packets and each packet is assigned a logical address called the IP address. These packets are transferred from one network to another network’s IP address (router, brouter).
2) DATA LINK LAYER:- It is divided into two parts: one is MAC and the other is LLC. In this layer packets are converted into frames and each frame is assigned a MAC address (BRIDGE).
1) PHYSICAL LAYER:- Data is converted into binary signals, and binary signals into analog signals, and these signals are transported via the transmission media (repeater, HUB, switch).
TCP:- Transmission control protocol. This protocol works in the transport layer. TCP is a connection-oriented protocol; UDP is a connectionless protocol. TCP communication is slow compared to UDP but it is very secure; TCP checks connections for errors.
IP:- Internet protocol. This protocol broadcasts data through a proper interface. It will slow the path to data; IP just adds a logical address on every packet.
IP ADDRESSES:- This is a 32-bit address. It is divided into four parts; each part contains eight bits.
If all 8 bits are zeros (0 0 0 0 0 0 0 0), the IP address is 0.0.0.0; this is the default address of a router.
If all bits are ones (1 1 1 1 1 1 1 1), the IP address is 255.255.255.255; this is the broadcast IP address.
Depending on use, IP addresses are divided into two types: public IP and private IP.
IP ADDRESSES ARE CLASSIFIED INTO 5 TYPES:-
1) Class A – 1 to 126
2) Class B – 128 to 191
3) Class C – 192 to 223
4) Class D – 224 to 239
5) Class E – 240 to 255
127 is the loopback address, used for system self-checking, from 127.0.0.1 to 127.254.254.254.
Class A – 1 – 126
In this, one network ID runs from 1.0.0.1 to 1.254.254.254; this is one complete network ID. In class A the first 8 bits are called the network ID and the remaining 24 bits are host bits. When the network ID is different, we cannot connect the systems, i.e. systems which have different net IDs.
Class B – 128 – 191
In this, one network ID runs from 128.0.0.1 to 128.0.254.254.
In class B the first 16 bits are called the network ID and the remaining 16 bits are host bits, so in class B the first two numbers should be the same.
Class C – 192 – 223
In this, one network ID runs from 192.0.0.1 to 192.0.0.254.
In class C the first 24 bits are called the net ID and the remaining 8 bits are the host ID, so in this the first 3 numbers should be the same.
PRIVATE IP ADDRESS:- Some IPs are reserved for internal use; these IPs are not unique in the world.
Class A – 10.0.0.1 to 10.254.254.254
Class B – 172.16.0.1 to 172.31.254.254
Class C – 192.168.08.1 to 192.168.08.254
TCP/IP:-
ARPA – advanced research project agency.
ANC – advanced networks and service.
TCP 3 WAY HANDSHAKE:- Between two transport layers data flows in the form of segments. If the third transaction completes successfully between these layers, it is called the TCP 3-way handshake.
PACKET:-

HEADER:- It contains miscellaneous information such as segment numbers, acknowledgement, error check.
FRAME:-

BITS:-
0 1 1 1 0 0
From bits, data is converted into analog signals.
ARP:- (Address resolution protocol) This protocol works on the network layer. It is responsible for obtaining the hardware address. In Windows: arp -a
ICMP:- Internet control management protocol. It is used to report errors and send messages about packet delivery. This protocol works on the network layer. On a TCP/IP network, the error “destination unreachable” means the route is not finding any destination. The error “request timed out” means the destination exists but you are not getting a response, i.e. the time to live is ‘0’; when the time to live of a packet is ‘0’ we get this error.
SUBNET MASK:-
Class A – 255.0.0.0
Class B – 255.255.0.0
Class C – 255.255.255.0
LOOPBACK ADDRESS:- 127.0.0.1
STATIC IP:- Adding an IP address to a PC manually is called static IP.
DYNAMIC IP:- The system gets its IP address dynamically from a DHCP server; it may change from time to time.
EXTENDING NETWORKS
REPEATER:- A repeater regenerates the signal; this is for amplification. A repeater works on the physical layer.
EXTENDING DEVICES ARE DIVIDED INTO TWO TYPES
INTRANET: Repeater, Hub, Switch, Bridge
INTERNET: Router, Brouter, Layer 3 switches
HUB:- Using a hub we can connect more than two systems. A HUB is a broadcast device; we call a HUB a multiport repeater. A HUB is a single collision device; in a HUB the bandwidth is shared by all ports. A HUB is a multicast device. In a HUB there is one port called the HUB link port; using this we can connect another HUB. This connection is called cascading of HUBs.
HUB IS OF TWO TYPES
ACTIVE HUB:- An active HUB acts as a multiport repeater; it regenerates and amplifies the signal. This HUB requires a power supply. Active HUBs are of different types:
1) Five port HUB
2) Eight port HUB
3) 16 port HUB
4) 24 port HUB
PASSIVE HUB:- It does not regenerate the signal, it just divides the signal, and this HUB does not require a power supply.
DATA FLOW IN THE FORM OF SEGMENT:- The connection from a HUB to a PC is one segment. In a Cat 5 cable there are 4 pairs of wires; 3 pairs are only for receiving data and 1 pair is for sending data.
SWITCH:- A switch is called an intelligent HUB because it maintains a MAC address table. A switch is a multi collision device; a switch never shares the signal bandwidth. A switch is a unicast device. This works on the physical layer; a switch is a layer 2 device. When we start the switch, it broadcasts once and gets all the systems’ MAC addresses.
SWITCH TYPES:-
1) 8 port switch
2) 16 port switch
3) 24 port switch
4) 32 port switch
5) 96*11 rack also available
DIFFERENCE BETWEEN HUB AND SWITCH
HUB
1) A HUB is a single collision device.
2) A HUB is a multicast device.
3) A HUB does not maintain any address table.
4) In a HUB bus topology is used.
5) A HUB shares the bandwidth.
6) A HUB broadcasts the data.
SWITCH
1) A switch is a multi collision device.
2) A switch is a unicast device.
3) A switch maintains a MAC address table.
4) In a switch mesh topology is used.
5) A switch does not share the bandwidth.
6) A switch broadcasts the data only once.
BRIDGE:- Using a bridge we can connect different types of topologies (bus or token ring); a bridge works on the data link layer.
ROUTER:- We use routers in a WAN for connecting different remote subnets. Using routers we connect the enterprise network. A router works on the network layer.
BROUTER:- Using a brouter we can connect different topologies in a WAN; it works on the network layer.
LAYER 3:- ISPs use layer 3 switches; a layer 3 switch acts as a switch cum router. Using layer 3 switches ISPs provide ISDN connectivity. Layer 3 switches work on the network layer.
GATEWAY:- In a router there is one port named ‘eo’; this port is called the gateway. Through the gateway we send and receive data.
Cat 5 and Cat 6 cables support a maximum of 100 meters, but Cat 5 transmits data at a speed of 100 Mbps and Cat 6 transmits data at a speed of 180 Mbps.
FQDN NAME
DNS:- (domain naming system) A domain is a group of networked computers sharing their resources (CD-ROM, printer, folders, files). In this, one or more PCs act as servers for centralized administration; this is called a domain. In this, more security is available.
WORKGROUP:- A group of computers connected in a peer-to-peer network and sharing resources. Every PC acts as a client or server; there is no centralized administration and there is no security.
In Windows the server is called the DC (domain controller) and a client is called a member of the server.
SUBNET MASK:- The subnet mask differentiates between the network ID and the host ID of a single IP address.
How to find out the network ID
Class A – subnet mask 255.0.0.0 and
IP address 12.1.1.0
Net ID 12.0.0.0
IP ADDRESS         SUBNET MASK        NETWORK ID       PRIVATE/PUBLIC
101.0.3.10         255.0.0.0          101.0.0.0        Public
125.125.0.3        255.0.0.0          125.0.0.0        Public
127.127.0.10       This is a loopback address
190.10.224.3       255.255.0.0        190.10.0.0       Public
200.255.200.3      This is not an IP address
224.10.0.254       255.255.255.0      224.10.0.0       Public
10.254.0.3         255.0.0.0          10.0.0.0         Public
172.32.5.3         255.255.255.0      172.0.0.0        Public
255.255.255.255    This is the broadcast address
20.150.3.254       255.0.0.0          20.0.0.0         Public
192.168.7.5        255.255.255.0      192.168.7.0      Public
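Finding the network ID is a bitwise AND of the IP address and the subnet mask. The following is an added example, not part of the original notes, that picks the default mask from the address class ranges listed on this page, rejects malformed addresses and non-contiguous masks, and labels each address as private, public, loopback, multicast or broadcast. It assumes the private space is the three RFC 1918 networks taken as whole blocks; the function names and most sample addresses are constructed for illustration.

```python
import ipaddress

# Default (classful) subnet masks as listed in the text.
DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}

# Assumption: private space is taken from RFC 1918 as whole networks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_class(ip):
    """Return the class letter from the first octet, or a special label."""
    first = int(ipaddress.IPv4Address(ip)) >> 24   # raises ValueError if malformed
    if first == 127:
        return "loopback"
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    if first >= 240:
        return "E"
    return "reserved"   # first octet 0


def mask_is_contiguous(mask):
    """A valid mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def network_id(ip, mask=None):
    """AND the address with the mask; use the class default when none is given."""
    cls = address_class(ip)
    if mask is None:
        if cls not in DEFAULT_MASK:
            raise ValueError(f"{ip}: class {cls} has no default mask")
        mask = DEFAULT_MASK[cls]
    if not mask_is_contiguous(mask):
        raise ValueError(f"{mask}: not a contiguous subnet mask")
    value = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(value))


def scope(ip):
    """Label the address by how it may be used."""
    addr = ipaddress.IPv4Address(ip)
    if int(addr) == 0xFFFFFFFF:
        return "broadcast"
    cls = address_class(ip)
    if cls == "loopback":
        return "loopback"
    if cls == "D":
        return "multicast"
    if cls in ("E", "reserved"):
        return "reserved"
    if any(addr in net for net in RFC1918):
        return "private"
    return "public"


def describe(ip):
    """Return (class, network ID under the default mask or None, scope)."""
    cls = address_class(ip)
    net = network_id(ip) if cls in DEFAULT_MASK else None
    return cls, net, scope(ip)


if __name__ == "__main__":
    # 12.1.1.0 and 190.10.224.3 come from the text; the rest are constructed.
    for sample in ("12.1.1.0", "190.10.224.3", "10.20.30.40", "172.20.5.3",
                   "192.168.1.99", "127.0.0.1", "224.0.0.5", "255.255.255.255"):
        print(sample, describe(sample))
```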
PROBLEM:-
The light on the back of your LAN card does not glow when you connect the CAT5 cable?
SOLUTION:-
1) Cable not crimped properly.
2) Loose cable connection on both sides.
PROBLEM:-
In the HUB the physical network is connected properly, but none of the lights are glowing?
SOLUTION:-
Power problem in the HUB.
PROBLEM:-
The light of one segment is not glowing?
SOLUTION:-
1) Segment not crimped properly.
2) Loose connection on both sides.
PROBLEM:-
You get a question mark on your LAN icon?
SOLUTION:-
There is an IP address conflict, meaning another system is also using the same IP.
How to view the network interface devices?
My Network Places – right click – Properties; then you get all the configured network interface devices.
How to view other PCs’ information from your system?
My Network Places – open – click on Entire Network – Microsoft Windows – the workgroup or domain icon will appear; click on that – all network PCs will appear; click on any PC and you can view the files and folders which are shared.
How to add an IP address? What are the protocols available in network properties?
Under network properties
Client for Microsoft network:- This client service is useful when your PCs are connected in a Microsoft network.
Client for Netware:- This service is useful for adding a client in a Novell NetWare network.
Network load balance:- We use this for creating clusters.
File and printer sharing:- Because of this service only we are able to share files and printers.
FQDN:- (fully qualified domain name) This name contains two parts: 1) host name 2) domain name
The maximum length of a domain name is 63 characters.
The maximum length of a host name is 15 characters.
INTERNIC:- This is the organization which gives out the domain names.

DNS:- Domain naming service or domain naming system. DNS is a service for host resolution.
HOST RESOLUTION:- Assigning a human-understandable name to a numerical IP address is called resolution. EX:- 200.210.4.5 -
DNS is of two types:-
1) client DNS
2) server DNS
CLIENT DNS:- When we install an OS, by default client DNS is enabled on your system; it stores host records in a temporary buffer area. This DNS is called “cache DNS”.
SERVER DNS:- In a domain network one PC works as the DNS server. It stores all the host records permanently in zone files (text files).
DHCP:- (dynamic host configuration protocol) When we add IP addresses manually the following problems occur.
1) IP addresses will conflict when static IPs are used.
2) Adding static IPs manually in a big network is a difficult job.
3) Not secure.
For solving the above problems the BOOTP protocol was invented; implementing a BOOTP server is also a difficult job for domains:
collecting MAC addresses manually and, on the server side, adding the MAC addresses to IP addresses.
DHCP was developed based on BOOTP; in DHCP we only give the range (scope).
On every DHCP client one protocol works, which is BOOTP. When you start a client system, BOOTP sends a request along with the MAC address to the DHCP server.
RESOLVING IP ADDRESS TO MAC ADDRESS
ARP:- Address resolution protocol. This protocol sends 4 types of messages.
ARP REQUEST:- The system knows the destination IP address and requests the MAC address.
ARP REPLY:- This responds to every request; it informs the requester of the MAC address.
All ISPs use this ATM technology; data flow is very fast, 620 Mbps. ATM – asynchronous transfer mode.
In this technology data flows in digital format.
APPLE TALK:- This was developed by Apple Macintosh; using this we can connect two Apple PCs.
TCP/IP SERVICES
HTTP:- (hyper text transfer protocol) This protocol works on the application layer. We access websites using this protocol; every browser works depending on HTTP. HTTP works using TCP/IP services.
HTTP port no – 80
PORT NUMBER:- In the application layer every service has its own unique identification number; this number is called the port number (server address).
BROWSER:- A browser is a small application; using this application we can access websites through the internet. Browsers are of two types:
1) Graphical base browser.
2) Text base browser.
IN WINDOWS:-
1) Internet Explorer
2) Netscape Navigator
3) Mozilla
FTP:- (file transfer protocol) Using this protocol we can download and upload files on the internet or intranet. FTP port number – 21.
TFTP:- (trivial file transfer protocol) This is mainly useful for file transfer; using TFTP we can take a backup of a router.
RARP REQUEST:- (reverse address resolution protocol) The system knows the MAC address and requests the IP address.
RARP REPLY:- It gives the reply to a RARP request. We can see all MAC addresses using the arp -a command.
TRACE ROUTE:- tracert 200.0.0.1 – using this command we can find out how many routers the data flows through.
HOST FILE:- In the old days there was a file called lmhosts which maintained all the MAC addresses and IP addresses; nowadays this has been changed to the HOST file.
%root drive%/windows/system32/drivers/etc
In this there is the host file; this file maintains all the host and IP addresses.
HOW TO CREATE A DNS CLIENT?
On the client side select Local Area Network Connection, right click – Properties – TCP/IP – Properties – here we can add the static IP, subnet mask and gateway.
By creating a DNS client, that system can easily find any host in the network with the help of the DNS server.
ADDING VIRTUAL IP ADDRESS:- TCP/IP – Advanced – Properties.
If you install different application servers, each requires one unique IP. If your PC is connected through a single NIC card, we can add a number of logical IP addresses; these IP addresses are called virtual IP addresses.
NS LOOKUP UTILITY:- c:/>NS Lookup
/>192.168.1.99 – host name
Using the NS lookup utility, if you know the IP address you can easily find out the HOST name.
UNC NAME:- universal naming conversion
URL:- (universal resource locator) we use URL in browsing.
VNC:- \\\
Ex:- \\system2\jamp - 36
NETBIOS NAME:- The length of a NETBIOS name is 15 characters. In a Windows environment, if your OS is Win-95, 98 or NT, these do not know what FQDN and DNS are; these systems connect to the network using the NETBIOS protocol, and the name they use is called the NETBIOS name.
DIFFERENT TECHNOLOGIES
TOKEN RING:- In token ring technology all PCs are connected in a ring topology.
FDDI:- Fiber distributed data interface. In FDDI technology all the PCs are connected using fiber optic cable. In this technology there are two rings: a) primary ring b) secondary ring
In the primary ring data flows clockwise; when the primary ring has failed, data flows through the secondary ring anti-clockwise. In this technology data flows very fast; this technology supports up to 100 km.
ARC NET:- (Attached resource computer NET) This technology was invented in the 1970s; at that time its bandwidth was developed to 20 Mbps. Using this technology we can connect a maximum of 255 PCs. This is also a token ring method; every PC has its own name. In this technology we can use any type of cable. The physical topology of this technology is star topology. Data flows in the form of address priority.
VG ANY LAN:- Voice grade any LAN. In this technology data flows priority wise; first priority is given to voice.
ATM:- We can send voice, video, music, all types of data at a time through.
SMTP:- (simple mail transfer protocol) This protocol is used for sending mails; port no – 25.
POP-3:- (post office protocol version – 3) This protocol is used for receiving mails; port no – 110.
MAIL CLIENTS:- Some applications support both SMTP and POP-3 protocols for sending and receiving mails; these applications are mail clients.
Ex:- in Windows
1) Outlook Express
2) MS Outlook (MS Office)
3) Internet Explorer (IE)
The OS which is used in a router is called ISO.
INTERNET NEWS GROUPS:-
On the internet there are some groups called NEWS groups; these groups always provide the latest information and they will also clarify all your doubts. The protocol used in internet NEWS groups is NNTP.
NNTP:- Network news transfer protocol
SOME INTERNET NEWS GROUPS:-
Alt – all distribution information
B12 – all business information
Comp – all computer and software
News – all news groups
Text mode is the universal mode; text mode is faster than graphical mode; all servers work in text mode.
TELNET:- This tool is useful for remote login.
SNMP:- simple network management protocol
IANA:- internet assigned number authority; total port no – 65536.
IIS:- internet information server
RPC:- remote procedure call
IAS:- internet authentication service
LOCAL PRINTER:- If a printer is directly connected to the computer's USB port/parallel port, that printer is called the local printer of that computer. For installing a local printer you must have the printer drivers.
NETWORK PRINTER:- If you are using a printer which is available in the network but not connected directly to your computer, we can configure it as a network printer using its UNC path; no drivers are needed.
NETWORK APPLICATION’S
E – MESSAGING:- Nowadays e-messaging is a part of our lives; this e-messaging system is possible only because of networking, using LAN or WAN.
DIFFERENT MAIL – SERVER APPLICATIONS
SEND MAIL APPLICATION:- This application works on Linux OS only; in total 60% of users use this application.
G – MAIL:- This application works on Linux and Unix OS only.
SUNMAIL:- This application works on Unix OS only.
CC: MAIL:- This application works on IBM and Lotus Notes.
MS – EXCHANGE SERVER – 2003:- This application works on Win – 2003 server only; in total 25% of users are using this application. Mail servers are commonly divided into two parts: 1) public mail server 2) private mail server.
PUBLIC MAIL SERVER:- Using this server anyone can apply and create an account, ex:- Yahoo mail server.
PRIVATE MAIL SERVER:- This server is mainly for an organization's internal use; only the administrator can create accounts.
Ex:- Satyam mail server, Wipro mail server.
MAIL CLIENT:-
a) Internet Explorer
b) Outlook Express
c) MS Outlook
MTA:- (Mail transfer agent) This takes the responsibility of forwarding mails.
THE ACCESS UNIT/GATEWAY:- This protocol takes the responsibility of receiving mails.
X400:- This is the universal standard for creating mail servers.
NETWORK SECURITY
AUTHENTICATION:- Logging in to a server using a user name and password is called authentication; the server allows the user in when the user name and password are correct.
AUTHORIZATION:- Adding permissions and restrictions to an authorized user is called authorization.
DOMAIN SECURITY:- In a domain environment we can provide more security because of centralized administration; server OSs provide more security depending on different services.
Ex:- NTLM, KERBEROS
NTLM:- New technology LAN manager; this protocol works for security in Win-NT.
KERBEROS:- This protocol works for security in Win – 2000 and Win – 2003, Unix, Linux.
DATA ENCRYPTION:- In a network we can send data or passwords in a coded form for security; this is called encryption.
PASSWORD POLICIES:- Using password policies we can provide more security in a domain environment, using some rules for passwords:
1) Password length.
2) How many characters and numerals should be there in a password.
LOCKOUT POLICIES:- In a domain environment we can set lockout policies for restricting unauthorized users.
HARDWARE PROFILE:- In Win – 2003 and XP we can create a hardware profile for restricting access to removable devices (CD-ROM, floppy, USB).
SECURE SOCKET LAYER:- This was developed by Netscape; the port number of SSL is 443. Using this layer we can create secure websites; through those websites data flows in encrypted mode.
FIREWALL:- PIX – 501, 503 are hardware firewalls; Wingate, proxy and Norton are software firewalls. We can restrict unauthorized sites using firewalls.
WAN TECHNOLGY
PSTN:- Using a PSTN line we can create two types of communication:
1) Switch network
2) Leased lines network
SWITCH NETWORK:- In this network data flows in analog form; data flow is very slow and unsecured. This network is again divided into 2 types:
1) Normal line (analog)
2) ISDN line (digital)
NORMAL LINE:- In this line we use an analog modem. Through this it is not possible to send huge data and picture quality is very low. The speed of the line is 56 Kbps.
ISDN LINE:- (Integrated service digital network) The starting speed of the line is 1.544 Mbps; through this line data flows in digital format, we can
CSU:- (Channel service unit) This unit checks the earthing and removes the disturbances in the data.
DSU:- (data service unit) This adds digital quality to the data.
LEASED LINES:- Using this line we can send huge data in GBs, but these lines are more expensive. This line is mainly used for enterprise networks; through this line we can send only data.
LEASED LINES ARE
T1 – speed 1.544Mbps T3 – speed 128Mbps
T2 – speed 64Mbps T3 – speed 256Mbps
WINDOW’S 2003 ADMINISTRATION
Up gradation of win – 2000 server
Win – NT 3.0 (1995)
Win – NT 3.5
Win – NT 4.5 (no – ADS)
Win – NT 5.0 (win – 2000) (have ADS)
ADVANCED FEATURES OF WIN 2003
ADS – Active directory service.
NTLM – New technology LAN manager.
WINDOWS NT:- Windows introduced the first networking OS in 1995; later, in 2000, they introduced NT 5.0, given name is no ADS, NTLM. In 2000, Kerberos is a protocol for security in 2000 and 2003; it is a more secure protocol. ADS and NTLM is developed by IBM.
FEATURES OF 2003:- Win – 2000 (SPI, SP4, SP5) + some features of XP = Win – 2003. It supports IIS 6.0 for web destiny; IIS (internet information service).
WIN – 2003                     WIN – 2000
IIS 6.0                        IIS 5.0
Enhanced GUI                   Like Win – 98
Remote desk                    Not available
Shadow copies                  Not available
Security templates             Not available
Forest level trust relation    Not available
64bit processor                Only 32bit processor

WIN – 2003 EDITIONS:-
1) WIN – 2003 Standard edition (small organizations)
2) WIN – 2003 Enterprise edition (medium/high)
3) WIN – 2003 Data center edition (medium/high)
4) WIN – 2003 Web edition (web)
SERVER 2003 SUPPORTS:- Active Directory, NTFS file system, IIS v6, E volume, shadow copy
SERVER – 2003 STANDARD EDITION:-
1) Small and medium size business organizations will use it.
2) This edition supports around 1000 HOSTS.
3) It supports 4 processors and 8GB RAM.
4) Internet connection sharing (ICS).
5) Four-way symmetric processing.
REQUIREMENT

SERVER – 2003 ENTERPRISE EDITION:-
1) Medium and large size businesses use it.
2) 8 CPU support / 32 GB RAM.
3) 8-node clustering
4) This will not support ICS

SERVER – 2003 DATA CENTER EDITION:-
1) Available only through an original equipment manufacturer (OEM).
2) Provides physical address extension (PAE).
3) It supports lakhs of HOSTS.
4) Supports 32 CPUs and 64GB RAM.
5) HT technology support.
6) Mainly used for database services.
7) This will not support ICS (internet connection sharing).

SERVER – 2003 WEB EDITION:-
1) Supports 2 CPUs and 2GB RAM.
2) It is designed to meet web hosting needs and is used by web developers and programmers.

LOCAL USER ACCOUNT:-
FILE SYSTEM:- Every OS follows one method for arranging files and folders, which is called the file system. At present we are using NTFS version 5.0.
FAT – 32 | NTFS
1) Minimum cluster size 4KB | 1) Minimum 4KB
2) No file/folder security | 2) Security available
3) Data compression possible | 3) Data compression possible
4) Encryption not possible | 4) Encryption possible
5) We cannot create disk quotas | 5) We can create disk quotas
USERS:- For authorized login and security we require user accounts; to log in, a user must have a user account on that system.
AUTHENTICATION:- Logging in to the server using a user name and password is called authentication. The server allows the user in when the user name and password are correct.
AUTHORIZATION:- Adding permissions and restrictions to an authorized user is called authorization. Users are of two types on a stand-alone PC: 1) built-in users 2) local users.
BUILT-IN USERS:- These users are created by the manufacturer by default, ex:- admin, guest.
ADMINISTRATOR:- Admin is a super user; he has all the rights and permissions.
GUEST:- The guest user is disabled by default. The guest user needs no password to log in and has no permissions other than reading.
LOCAL USERS:- Admin can create local accounts in the OS; these accounts are always members of the “Users” group.
GROUPS:- We can create a group for assigning permissions and restrictions to a group of users. Groups are of two types:- 1) built-in groups, 2) local groups.
BUILT-IN GROUPS:- Built-in groups are created by the manufacturer by default. They are
1) Administrators group
2) Guests group
3) Users group
4) Power users group
5) Replication group
6) Backup operators group
7) Print operators group
ADMINISTRATOR GROUP:- The admin user is by default a member of the admin group and gets full permissions.
USERS GROUP:- All local users are members of the Users group; they do not have permission to create and delete users.
POWER USERS GROUP:- Power users group members can create users but cannot delete users.
BACKUP OPERATORS:- They only have permission to take backups.
PRINT OPERATORS:- Members of this group have permission to take printouts.
USER HOME FOLDER:- Every user has his own home folder, %root %document and settings. This home folder saves the user profile (desktop settings, mail settings, My Documents settings).
SAM:- (Security account manager) This file maintains all the user, group and security information on a stand-alone PC, %root %windows/system 32/config.
FILE AND FOLDER SECURITY
MANAGING OBJECTS AND OBJECT SECURITY:- Object means any item like a file, folder, system, server, admin.
ACL:- (Access control list) Each object has an access control list. For shared resource management using the ACL we can restrict an object; access is controlled through these common security techniques:
1) Attributes
2) Permission
3) Auditing
4) Ownership
ATTRIBUTES:- Attributes are used by the OS for security and file management.
FAT FILE SYSTEM ATTRIBUTES:-
1) Read only 2) Hidden
ARCHIVE:- Combining a number of files and folders to create one file is an archive.
NTFS ATTRIBUTES:- 1) Read only 2) Hidden 3) Archive 4) Index 5) Compress 6) Encrypt.
EXTENDED ATTRIBUTES:-
1) A folder and its files.
2) A folder, its files and all subfolders and files.
INDEX:- Allows for quick search; the indexing service must be installed and set to start automatically.
COMPRESS:- Saves space on infrequently used files or where disk space is limited.
PERMISSIONS CONTROL ACCESS TO AN OBJECT:- Use the Security tab of the folder properties and check the allow and deny boxes to set access permissions for groups and users. If none of the allow and deny boxes are checked, all access is denied. Deny overrides any other access.
INHERITED PERMISSIONS:- The permissions of the parent object apply to the child objects by default, but this can be deactivated.
EVERYONE GROUP:- All users are by default members of the Everyone group; when we apply allow and deny permissions to the Everyone group, they apply to all users.
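The allow/deny rules above can be checked with a small model. This is an added example, not part of the original notes: the `Ace` class, the trustee names and the sample ACLs are constructed, and the evaluation order (explicit entries before inherited ones, deny before allow within each) goes one step beyond the text to show why an explicit allow on a child can win over a deny inherited from the parent.

```python
from dataclasses import dataclass

EVERYONE = "Everyone"  # every user is implicitly a member of this group


@dataclass(frozen=True)
class Ace:
    """One access control entry (constructed model, not a Windows API type)."""
    trustee: str             # user or group the entry applies to
    kind: str                # "allow" or "deny"
    rights: frozenset        # rights covered by the entry
    inherited: bool = False  # True when the entry comes from the parent object


def ace(trustee, kind, *rights, inherited=False):
    return Ace(trustee, kind, frozenset(rights), inherited)


def canonical_order(acl):
    """Explicit deny, explicit allow, inherited deny, inherited allow."""
    return sorted(acl, key=lambda a: (a.inherited, a.kind != "deny"))


def check_access(acl, user, groups, wanted):
    """Return True only if every right in `wanted` is granted."""
    identities = {user, EVERYONE, *groups}
    remaining = set(wanted)
    for entry in canonical_order(acl):
        if entry.trustee not in identities:
            continue
        if entry.kind == "deny":
            if entry.rights & remaining:
                return False      # deny reached before the right was granted
        else:
            remaining -= entry.rights
            if not remaining:
                return True
    return False                  # no matching allow: access is denied


def effective_rights(acl, user, groups, all_rights=("read", "write", "delete")):
    """Rights the user would actually get, tested one at a time."""
    return {r for r in all_rights if check_access(acl, user, groups, {r})}


# Constructed sample ACLs.
FOLDER_ACL = [ace("Users", "allow", "read", "write"),
              ace("rkr", "deny", "write")]
# A deny on Everyone also locks out administrators.
LOCKOUT_ACL = [ace("Administrators", "allow", "read", "write", "delete"),
               ace("Everyone", "deny", "read")]
# Inherited deny from the parent, explicit allow set on the child.
CHILD_ACL = [ace("Users", "deny", "write", inherited=True),
             ace("rkr", "allow", "write")]

if __name__ == "__main__":
    print(effective_rights(FOLDER_ACL, "rkr", ["Users"]))
    print(check_access(LOCKOUT_ACL, "admin", ["Administrators"], {"read"}))
    print(check_access(CHILD_ACL, "rkr", ["Users"], {"write"}))
```

Running `effective_rights` for each account before applying a deny to Everyone shows who would be locked out by the change.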
AUDITING:- Tracks activity on a folder or file. Through auditing, Windows Server NTFS folders and files allow auditing of any or all of the special permissions. Each type of access can be tracked according to successful or failed attempts.
FILE SERVER:- A file server shares files or folders in a network; all the clients access the folder or file through the file server. Using Manage Your Server we can create shared folders and manage the file server.
BASIC ELEMENTS OF DOMAIN ENVIRONMENT
DOMAIN:- A domain is a group of network computers that share their resources like CD-ROM, printer, floppy, files and folders. All the computers must share a common folder called ADS (Active Directory Service).
ADS:- It is a directory service; it stores all the user, group and security information.
DC:- (Domain controller) A PC with 2003 installed which maintains a copy of ADS is called a domain controller.
ADC:- (Additional domain controller) A 2003 PC which maintains a backup copy of the DC’s ADS. The purpose of an ADC is to create fault tolerance and load balancing in a domain.
ACTIVE DIRECTORY DATASTORE:- The DC stores all the user, group and security database information in the Active Directory data store; by default it is the NTDS.dit file, %root drive %windows / NTDS / NTDS.DIT
MEMBER SERVER:- A member server always receives service from the DC and must share the DC’s ADS folder. Only the administrator has rights to add a member server to the domain.
DOMAIN TREE:- A domain tree is a group of domains; one domain must be the root domain and all others are child domains.
FOREST:- A forest is a group of domain trees.
TRUST RELATIONS:- Creating communication between two domains is called a trust relation. Trust relations are of two types: 1) transitive (one way) 2) intransitive (two way). Between parent and child domains a two-way trust relation is available by default. We can create forest-level trust relations in Win – 2003 only.
SITE:- A site is where we can create trust relations between domain trees.
SCHEMA:- The schema is a set of rules; ADS works depending on schema rules. Schema is of two types: 1) forest schema 2) domain schema.
GLOBAL CATALOG:- The global catalog is a master searchable index; it maintains information on all objects. The first DC in the forest works as the global catalog service.
CONTAINER:- An object that holds other objects.
SCHEMA:- Defines the object classes and their attributes that can be contained in Active Directory.
FOREST:- Highest-level container, which consists of one or more trees in a common relationship.
TREE:- Contains one or more domains that are in a common relationship.
HOW TO CREATE A DC:-
Install 2003 – add static IP – Start – Run – DCPROMO (or) Start – Programs – Administrative Tools – Configure Your Server.
LOG FILES:- A log file is a text file that records system events. Always store log files on a different hard disk. c:/windows/NTDS
SYSVOL:- Sysvol is a folder that stores the server’s copy of the domain’s public files. The sysvol folder is replicated to all domain controllers in the domain. This folder should always be created on an NTFS file system. c:\windows\system32
MAXIMUM LENGTH OF
User name – 20 characters
Domain name – 63 characters
HOST name – 15 characters
DISTRIBUTED FILE SYSTEM (DFS)
FILE SYSTEM:- The method used for storing all files and folders. FAT – 16, FAT – 32 and NTFS are the local file systems in Windows; DFS works in a domain only.
We can create 10,000 links under a single root. Using DFS we can solve the following problems:
SECURITY:- When you create a folder using DFS, users cannot know which system the folder is on.
FAULT TOLERANCE:- When we have two DCs in a domain and create DFS on both, when one system fails the other system can continue providing the folder.
LOAD BALANCING:- When you create DFS on two DCs in a domain and a large number of users are accessing one folder, one DC cannot handle the load, so users can access the other DC. In this way we can maintain load balance.
FILE SYSTEM:-
1) Disk-based file system.
2) Network-based file system.
3) Virtual-based file system.
NETWORK-BASED FILE SYSTEM:-
DFS:- When both systems use Windows.
NFS:- When both systems use Linux.
VIRTUAL-BASED FILE SYSTEM:- Data is available in a buffer area.
USERS
OU:- An OU is an organizational unit; these are the folders under a domain name.

BUILT IN:- The Builtin OU contains all the domain local groups.
COMPUTERS:- All the member server information.
DOMAIN:- The number of DCs under one domain.
FSP:- (Foreign security principals) All trust relation information.
USERS:- This contains all the domain built-in user accounts.
OU:- Every big organization is divided into small units called OUs. An OU contains different objects and sub-OUs. Objects are 1) users 2) printers 3) computers 4) groups.
PROFILES
USER PROFILES:- Every user’s desktop settings, My Documents files, cookies, Outlook mail store and other settings are stored under a folder called the user profile; that folder is the home folder of the user.
When a user logs in for the first time, Windows creates a folder under %root %document settings/ with the user name by default.
User profiles are of 3 types in a domain environment.
1) Local profile.
2) Roaming profile.
3) Mandatory profile.
LOCAL PROFILE:- If a user logs in to a domain using any PC, that PC creates the user’s profile under the Documents and Settings folder with his name.
ROAMING PROFILE:- We create a roaming profile on the DC side. With a roaming profile the user gets the same settings wherever he logs in within the domain. With a roaming profile the user has rights to change his profile.
MANDATORY PROFILE:- We create a mandatory profile on the DC side. It is the same as a roaming profile, but the user does not have any rights to change his profile.
HOW TO CREATE A ROAMING PROFILE:-
1) Create a user. Ex:- RKR
2) Create one folder under any drive and share the folder.
3) Using administrator tool open any drive and share the folder.
4) Select user right click.
5) Go to properties.
6) Select profile tab.
7) Enter profile path \\server\RKR
8) Client side login as RKR user.
9) Change desktop settings and create some folders, then log off.
10) All your changed settings and created files and folders are saved in the RKR folder.
HOW TO CREATE A MANDATORY PROFILE:-
1) Create a roaming profile first.
2) On the DC side select the user’s home folder.
3) There is a file called NTUSER.DAT
4) Rename the file to NTUSER.MAN
DISK MANAGEMENT:- We can create only four partitions on one hard disk: 4 primary, or 3 primary + 1 extended, or 2 primary + 2 extended.
MBR:- (Master boot record) This maintains all the boot file information; it occupies an area of 512 bytes.
MOUNTING:- Assigning formatted hard disk space to a folder is called mounting. In Windows this mounting is failed create by Microsoft for us not possible to corn go mounting.
DISK MANAGEMENT:- Disks are of two types in Win – 2003.
1) Basic disk.
2) Dynamic disk
BASIC DISK:- After installation of 2003 your hard disk is a basic disk by default. On a basic disk we can create partitions such as primary and extended; under an extended partition we can create logical partitions. We can create a maximum of 4 partitions: 4 primary, or 3 primary + 1 extended. We can create a number of logical partitions under one extended partition.
PARTITION:- A partition cannot be extended without disturbing data, and cannot be created using free space from different hard disks.
DYNAMIC DISK:- On a dynamic disk we can create volumes which are expandable without disturbing data, and we can create volumes using free space from different hard disks.
VOLUMES ARE 5 TYPES:-
1) Simple volume.
2) Spanned volume.
3) Striped volume.
4) Mirrored volume.
5) RAID-5 volume.
RAID:- Redundant array of inexpensive disks.
1) Software RAID
2) Hardware RAID
WIN 2003 SUPPORTS:-
Raid 0 – is for mirroring
Raid 1 – striping without parity
Raid 5 – striping with parity
For creating RAID-5 we require more than 3 hard disks. Using RAID-5, when one hard disk fails we can easily recover data.
MOUNT VOLUME:- Using this volume we can add some space to a partition folder.
CREATING A MOUNT VOLUME:-
1) Create one empty folder under any partition.
2) Go to Disk Management and select free disk space.
3) Right click and select New Logical Drive.
4) Select the space required.
5) Select Mount in the following empty NTFS folder.
6) Then select the folder.
7) The drive has been created.
8) When you copy data into the folder, it will be stored on this drive.
PRINT MANAGEMENT
PRINTERS ARE OF FOUR TYPES:-
1) Dot matrix printer.
2) Inkjet printer.
3) Laser printer.
4) Line printer.
We can configure a printer in two ways in 2003.
LOCAL PRINTER:- A printer which is physically connected to the computer port (LPT/USB) is called a local printer. To configure a local printer you require drivers.
NETWORK PRINTER:- A printer which is available on the network and not physically connected. We can configure it as a network printer using the “UNC” path; to configure a network printer no driver is needed.
UNC PATH:- \\server name\printer name
SPOOL FOLDER:- A folder which stores all the pending print jobs is called the spool folder.
SPOOLING:- Sending a print job from the spool folder to the printer is called spooling.
SPOOLING FILE FORMATS:- There are two types: 1) RAW 2) EMF
RAW:- In RAW format the file size is very big. It is more compatible with the printer. Win – 98 and NT support this format. In a big network this format is very difficult to use.
EMF:- (Enhanced metafile) This file is very small compared to RAW format. In a big network we use this format for network printing. Win – XP, Win – 2000 and Win – 2003 support this format by default.
QUEUE:- This is a window where we can view all the pending jobs. We can cancel, stop or restart the pending jobs. We can open this window by clicking the printer icon on the taskbar.
DELEGATION CONTROL
We can create delegation of control on three containers: 1) domain 2) site 3) OU
Groups are of two types: 1) security group 2) distribution group.
SECURITY GROUP:- Members of this group get some permissions and restrictions; they share server resources.
DISTRIBUTION GROUP:- Members of this group don’t have any type of permissions or restrictions. All mail groups are distribution groups.
SCOPES:-
1) Domain scope
2) Global scope
3) Universal scope
DOMAIN SCOPE:- If you create a group under domain (local) scope, all these group members can log in under the domain only; it is not possible to log in using a child domain or another domain tree.
GLOBAL SCOPE:- If you create a group under global scope, these members can log in anywhere under the forest.
UNIVERSAL SCOPE:- If you create a group under universal scope, this group’s members can log in to the forest, or to another forest if a trust relation is there. By default the settings are security and global. In a domain local group you can add global, universal and other domain local groups as members. Under a global group we can add local universal or universal and global, but a domain local group cannot be added as a member of a global group.
UNDER UNIVERSAL GROUP:- We can add global and universal group members, but a domain local group cannot be added as a member of a universal group.
REMOTE DESKTOP
PING:- Packet Internet Groper
RDP:- Remote Desktop Protocol. This protocol is used for creating remote desktop.
Win – 98 and 2000 do not support remote desktop; for that we have to share a file on the server and copy that file to those systems. That file is
C:\windows\system32\client\ts client\setup.exe
VNC:- (Virtual network connection) This is software used for creating a monocle one remote desktop, meaning that when we install this software we are able to view exactly what is going on in the other system. For refreshing policy: gpupdate. To go directly to users: dsa.msc.
DNS:- DNS is used for host resolution. Mapping a human-understandable name to a numerical IP address is called resolution.
HOST:- Any device connected to a TCP/IP network is called a host. Every host has its own unique name, called the host name. The maximum length of a host name is 15 characters. We use A – Z, a – z, 1 – 9, “=”. DNS works depending on the TCP/IP protocol.
DNS NAME SPACE

Types of DNS:- 1) client DNS (cache DNS) 2) server DNS
CLIENT DNS:- After installation of 2000, XP or 2003 the client DNS is available in active mode by default. It stores host records in a temporary buffer area, so client DNS is also called cache DNS.
SERVER DNS:- The DNS server stores all the host records in a zone file (text file).
This server helps all DNS clients to search for other host addresses.
HOW TO CONFIGURE DNS SERVER:-
Install the DNS server using:
1) add/remove programs
2) select add/remove components
3) select network services
4) select DNS service.
DNS service has been installed.
VIEW THE DNS OPTION:-
Start – Programs – Administrative Tools – DNS.

FORWARD LOOKUP ZONE:- This zone saves all host records in name-to-IP-address format.
REVERSE LOOKUP ZONE:- This zone saves all PTR (pointer) records, IP address to name.
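Forward and reverse zones are maintained separately, so they drift apart when hosts are renamed or removed. The check below is an added example, not part of the original notes; the host names, addresses and the dictionary layout of the two zones are constructed. It builds the PTR owner name for each address and reports records that do not agree in both directions.

```python
import ipaddress


def fqdn(name):
    """Normalise a DNS name: lower case with a trailing dot."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def ptr_name(ip):
    """Owner name of the PTR record for an address, e.g. 10.7.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def audit_zones(forward, reverse):
    """Compare a forward zone (name -> IP) with a reverse zone (PTR owner -> name).

    Returns a sorted list of (finding, subject) tuples:
      missing-ptr   host record whose address has no PTR record
      ptr-mismatch  PTR record for the address points to another name
      stale-ptr     PTR record whose target has no matching host record
    """
    fwd = {fqdn(n): str(ipaddress.ip_address(ip)) for n, ip in forward.items()}
    rev = {fqdn(owner): fqdn(target) for owner, target in reverse.items()}
    findings = []
    for name, ip in fwd.items():
        target = rev.get(ptr_name(ip))
        if target is None:
            findings.append(("missing-ptr", name))
        elif target != name:
            findings.append(("ptr-mismatch", name))
    for owner, target in rev.items():
        ip = fwd.get(target)
        if ip is None or ptr_name(ip) != owner:
            findings.append(("stale-ptr", owner))
    return sorted(findings)


# Constructed sample zones.
FORWARD_ZONE = {
    "dc1.corp.example": "192.168.7.10",
    "files.corp.example": "192.168.7.20",
    "print.corp.example": "192.168.7.30",
}
REVERSE_ZONE = {
    "10.7.168.192.in-addr.arpa": "dc1.corp.example",
    "20.7.168.192.in-addr.arpa": "oldfiles.corp.example",  # host was renamed
    "40.7.168.192.in-addr.arpa": "gone.corp.example",      # host was removed
}

if __name__ == "__main__":
    for finding, subject in audit_zones(FORWARD_ZONE, REVERSE_ZONE):
        print(finding, subject)
```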
CREATE FORWARD LOOKUP ZONE:- Right click Forward Lookup Zones – select New Zone.
1) PRIMARY ZONE:- Stores the main host records, which can be directly updated on the server.
2) SECONDARY ZONE:- Stores a copy of a zone that exists on another server.
3) STUB ZONE:- Maintains all the DCs’ host records in big networks.
DNS:- Defines a hierarchical name space where each level of the name space is separated by a ‘.’ (dot). Provides resolution of names to IP addresses and of IP addresses to names.
QUERY TYPES:-
1) Iterative query.
2) Recursive query.
HOW TO CREATE DNS CLIENT:-
1) Open TCP/IP properties.
2) Enter preferred DNS server IP address
3) Enter alternative DNS server IP address
An alternative DNS server is required for load balancing and fault tolerance.
DNS SUFFIX:-
1) Select TCP/IP properties.
2) Click advanced button.
3) Select DNS tab.
4) Enter the domain name in “DNS suffix for this connection”.
VIRTUAL IP ADDRESS:- We can add more than one IP address to a PC’s permanent MAC address. These IP addresses are called virtual IPs.
If one PC plays more than one role, for example the PC works as a web server, RTP server and mail server, then every role requires one unique IP address. So we can create a number of virtual IPs for one PC. We can add a maximum of 16 IPs to one LAN card.
HOW TO ADD:- TCP/IP properties – Advanced – select IP Settings.
DHCP:- Dynamic host configuration protocol.
USE OF DHCP:- DHCP is used to allocate IP addresses to clients on a network. It automates the process of allotting IP addresses and frees the network administrator to concentrate on other tasks.
INSTALLING DHCP SERVER:- Install the DHCP service using Add/Remove Programs – Windows Components – Networking Services – select DHCP; install the service using the 2003 CD. In disabled mode you can authorize (enable) the DHCP server.
Red mark – disabled
Green mark – enabled
BOOTP:- DHCP depends on BOOTP.
Scope – 192.168.7.100 to 192.168.7.200
BOOTP works on the client side.
DHCP works on the server side.
DISADVANTAGES OF ADDING STATIC IP:-
1) No security.
2) IP conflict possible.
3) Very difficult job for administrator in big networks.
SOLUTION:- Using a DHCP server we can solve the above problems. DHCP assigns IP addresses automatically to all HOSTS.
CONFIGURATION OF DHCP SERVER:-
HOW TO INSTALL THE DHCP SERVER?
The DHCP server service is included on the Win – Server 2003 CD-ROM. The computer that functions as the DHCP server must be assigned a static IP address. Any computer that runs Win-Server 2003 can be configured as the DHCP server.
TO INSTALL DHCP SERVER:-
1) Start – settings – control panel
2) Double click add or remove programs.
3) Click Add/Remove Windows Components.
4) Select networking services and click details.
5) Select DHCP and click ok
6) Click next
7) finish
HOW TO AUTHORIZE A DHCP SERVER:- DHCP servers need authorization in Active Directory before they can assign IP addresses to clients.
1) Start – Programs – Administrative Tools – DHCP
2) Select action – manage authorized servers
3) Click authorize
4) Enter IP address of the DHCP server in the BOX.
5) Click ok
6) Verify the information and click ok.
7) Click close.
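Authorization and a defined scope give something to check observed traffic against. The review below is an added example, not part of the original notes: the scope is the 192.168.7.100 to 192.168.7.200 range given earlier, while the `key=value` offer records, the authorized server address and the static host list are constructed. It flags offers from servers that were never authorized, addresses handed out outside the scope, one address offered to two MAC addresses, and static hosts sitting inside the scope (the IP conflict case listed under static addressing).

```python
import ipaddress

SCOPE_START = ipaddress.ip_address("192.168.7.100")  # scope from the text
SCOPE_END = ipaddress.ip_address("192.168.7.200")


def in_scope(ip):
    return SCOPE_START <= ipaddress.ip_address(ip) <= SCOPE_END


def parse_offer(line):
    """Parse one constructed 'key=value' DHCP offer record."""
    fields = dict(part.split("=", 1) for part in line.split() if "=" in part)
    return {"server": fields["server"],
            "ip": fields["yiaddr"],
            "mac": fields["mac"].lower()}


def review_offers(lines, authorized_servers, static_hosts):
    """Return sorted (finding, subject) tuples for the observed offers."""
    findings = set()
    owner_of = {}  # offered IP -> first MAC address it was offered to
    for line in lines:
        offer = parse_offer(line)
        if offer["server"] not in authorized_servers:
            findings.add(("unauthorized-server", offer["server"]))
            continue  # nothing else from this server is trusted
        if not in_scope(offer["ip"]):
            findings.add(("outside-scope", offer["ip"]))
        first_mac = owner_of.setdefault(offer["ip"], offer["mac"])
        if first_mac != offer["mac"]:
            # may be a legitimate reassignment; compare against lease times
            findings.add(("duplicate-lease", offer["ip"]))
    for host, ip in static_hosts.items():
        if in_scope(ip):
            findings.add(("static-inside-scope", host))
    return sorted(findings)


# Constructed sample data.
AUTHORIZED = {"192.168.7.1"}
STATIC_HOSTS = {"dc1": "192.168.7.1", "printer1": "192.168.7.120"}
OFFERS = [
    "DHCPOFFER server=192.168.7.1 yiaddr=192.168.7.101 mac=00:11:22:33:44:01",
    "DHCPOFFER server=192.168.7.1 yiaddr=192.168.7.102 mac=00:11:22:33:44:02",
    "DHCPOFFER server=192.168.7.66 yiaddr=192.168.7.150 mac=00:11:22:33:44:03",
    "DHCPOFFER server=192.168.7.1 yiaddr=192.168.7.101 mac=00:11:22:33:44:04",
    "DHCPOFFER server=192.168.7.1 yiaddr=192.168.7.250 mac=00:11:22:33:44:05",
]

if __name__ == "__main__":
    for finding, subject in review_offers(OFFERS, AUTHORIZED, STATIC_HOSTS):
        print(finding, subject)
```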
CONFIGURING DHCP CLIENTS:- You can configure a client computer to receive an IP address from the DHCP server. Any computer running a version of the Windows operating system can become a DHCP client. You can configure the client using the (TCP/IP) properties dialog box.
1) Start – setting – network connections
2) Right click the network connection and select properties
3) Select internet protocol (TCP/IP) from the list of protocols click properties
4) Ensure that Obtain an IP address automatically is selected. When you select this option, you can also set alternative settings which the client will use in case the DHCP server cannot assign it an IP address. You can set the alternative settings in the Alternate Configuration tab.
5) Click ok
OBTAIN AN IP ADDRESS AUTOMATICALLY:- Enables the client to receive the IP address automatically from the DHCP server; no manual configuration is required.
USE THE FOLLOWING IP ADDRESS:- Enables you to specify the IP address that the client should use. You also need to specify the DNS servers used for name resolution.
AUTOMATIC PRIVATE IP ADDRESS:- Used by the client to assign itself an IP address until the DHCP server is able to resume functionality.
IP ADDRESS:- Enables you to specify an alternate IP address that the client will use.
SUBNET MASK:- Enables you to specify an alternative subnet mask for the network.
DEFAULT GATEWAY:- Enables you to specify an alternative gateway for the client.
PREFERRED DNS SERVER:- Enables you to specify the primary DNS server used for resolving names.
ALTERNATE DNS SERVER:- Enables you to specify the secondary DNS server; this will be used if the preferred server is unavailable.
PREFERRED WINS SERVER:- Enables you to specify the primary WINS server. WINS is an alternative method used for name resolution.
USING THE DHCP CONSOLE TO MODIFY THE DHCP STATUS:-
1) Select start – programs – administrative tools – DHCP
2) Select the DHCP server
3) Select action – all tasks
4) Select the required option
Alternatively you can use the Services console to modify the DHCP status.
NET START DHCPSERVER:- Starts the DHCP server service.
NET STOP DHCPSERVER:- Stops the DHCP server service.
NET PAUSE DHCPSERVER:- Pauses the DHCP server service.
NET CONTINUE DHCPSERVER:- Resumes the service after pausing it.
COMMAND LINE:- You can modify the DHCP server status from the DHCP console, the Services console and the command line.
SERVICE CONSOLE:- You can disable the DHCP service using the service console.
NETSHELL UTILITY:- You can manage DHCP from the command line using the netsh (net shell) utility.
SYNCHRONOUS BACKUPS:- These backups are performed automatically every 60 minutes.
ASYNCHRONOUS BACKUPS:- These backups must be performed manually.
MANUAL BACKUP:- You can manually restore a DHCP database only by using a manual backup.
HOW TO PERFORM A MANUAL BACKUP OF THE DHCP DATABASE:-
1) Start – programs – administrative tools – DHCP
2) Select the required server
3) Select action – backup
4) Select the location to save the backup and click ok. The data base is copied to the new location.
TO RESTORE A MANUALLY BACKED UP DATABASE:-
1) From the DHCP console, select the required server
2) Select action – restore.
3) Select the folder containing the backed up database and click ok
REMOTE DESKTOP:- Remote desktop in Win-Server 2003 enables you to connect remotely to a particular machine and work with that machine.
WHAT IS PROVIDED BY WIN – SERVER – 2003:- Win-Server 2003 provides the run as command, which enables you to run applications or commands with different logon information or security credentials than those with which you have logged on.
MICROSOFT MANAGEMENT CONSOLE:- Microsoft Management Console enables you to access the administrative tools provided by Win-Server 2003.
COMPUTER MANAGEMENT CONSOLE:- The Computer Management console enables you to manage or perform required tasks on a remote computer by accessing that machine.
WHAT IS THE USE OF REMOTE DESKTOP:- Win-Server 2003 provides Remote Desktop for Administration for remote server management.
WHAT IS THE USE OF REMOTE DESKTOP CONNECTION:- Enables you to establish a connection to a single remote server to perform administrative tasks on the server.
WHAT IS THE USE OF REMOTE DESKTOP SNAP-IN:- The Remote Desktops snap-in enables you to establish connections to multiple remote servers simultaneously.
ADMINISTRATIVE TASK:- To perform administrative tasks on the remote computer you need to configure the server to enable Remote Desktop for Administration.
REMOTE ASSISTANCE:- Remote assistance enables you to get assistance from a remote user who is an expert or someone who can solve your query.
REMOTE DESKTOP RUN AS COMMAND:-
1) Start – programs – administrative tools
2) Right click active directory users and computers
3) Select run as from the shortcut menu
4) Select the following user option
5) Enter the required user name and password of the user who wants to login as administrator
6) Click ok
TO CREATE A CONSOLE FOR A REMOTE COMPUTER USING MMC:-
1) Start – run
2) Enter MMC (Microsoft management console)
3) Click ok select file add/remove snap in
4) Click add
5) Select computer management from the snap in list
6) Click add click another computer option
7) Enter the computer name
8) Click finish
9) Click close
10) Click ok
11) Save the Console1 window as a console .msc file.
SNAP-INS ADDED TO:- Displays the location where the snap-in is added.
DESCRIPTION:- Displays information about the item that you have added to the console.
TO CONFIGURE SERVER TO ENABLE REMOTE DESKTOP FOR ADMINISTRATOR:-
1) Right click my computer
2) Select properties
3) Click remote tab
4) Select allow users to connect remotely to your computer
5) Click ok to return to remote tab
6) Click apply
7) Click ok
TO ACCESS THE REMOTE DESKTOP:-
1) Start – programs – accessories – communication – remote desktop connection
2) Click options
3) Select computer name from computer dropdown box.
4) Enter the appropriate information
5) Click connect
SAVE AS:- Enables you to save the current settings to access the remote desktop.
OPEN:- Enables you to open the saved settings in order to access the remote desktop.
ADD:- Enables you to add an item to the console which you have selected in the snap-ins added to option.
REMOVE:- Enables you to remove an item that is present in the console.
ABOUT:- Displays additional information about the item that you have added to the console.
TO ACCESS THE REMOTE COMPUTER USING THE COMPUTER MANAGEMENT CONSOLE:-
1) Select start – programs – administrative tools – computer management
2) Right click computer management (local)
3) Select connect to another computer
4) Click another computer option
5) Enter the computer name
6) Click OK. The left pane of the Computer Management window displays the administrative tools of the selected computer.
TO MAKE A REQUEST USING REMOTE ASSISTANCE:-
1) Start – help and support
2) Click remote assistance under support
3) Click the invite someone to help you option
4) Click sign-in, then right click the name of the user from whom you want help
5) Select ask for remote assistance
6) Click yes to confirm the session
UTILITY MANAGER:- Start – programs –accessories – accessibility – utility manager
SOUND RECORDER:- Start – programs – accessories – entertainment – sound recorder
CLUSTER ADMINISTRATOR:- Win-Server 2003 supports two types of clusters: server clusters and network load balancing (NLB).
SERVER CLUSTER:- It is designed for database servers such as Microsoft SQL Server, email and messaging servers such as Microsoft Exchange, and file and print servers.
NETWORK LOAD BALANCING (NLB):- It provides high reliability and is suitable for applications whose data sets do not change frequently or are read-only.
INTERNET CONNECTION SHARING
HOW TO CONFIGURE INTERNET THROUGH DIALUP?
1) We require telephone and modem
2) Initially add the internal or external modem
3) Configure the modem and install the device
4) Check that the modem is working properly
5) Device Manager – select modem – right click – Properties – Diagnostics – Query Modem (if you get success, the modem links)
6) Configure internet connection – Settings – Control Panel – Network Connection Wizard – select Connect to the Internet – click Next – Connect using a dial-up modem – Next – ISP name (for display) – phone number (BSNL or any phone company name, and the number they give)
7) Set the properties – click Properties – use dialing rules – select country – dialing rules – pulse
INTERNET CONNECTION SHARING (ICS):-
1) Using ICS we can share internet in a network. If you increase the number of PCs, the internet will be slow.
2) We use ICS in a small network or work group.
3) ICS is not secure; it is not possible to apply restrictions, and others can easily hack it.
4) We do not use ICS in a domain environment
ICS SUPPORT OS’s:-
Windows Xp
Windows 2000
Windows 2003 standard edition
PROXY SERVER:-
1) We use proxy in big network
2) Using proxy we can restrict sites
3) Using proxy we can share internet in big work group or domain
4) Client side no need to enter ISP’s DNS
5) Proxy server is third party; it supports all OSs
6) Do not add an internet connection to the DC
CLIENT SIDE:- Internet Explorer – right click Properties – select Connections tab – click LAN Settings button – Proxy server – enter the address of the proxy server and the port number. Dial-up no. – 172259.
Dial-up connection cost per min – 30 PCs
1 min – per speed – 115Kbps
TATA server no – 203.197.12.30
202.54.6.50
Proxy is used only in a domain environment.

REMOTE ACCESS SERVICE (RAS):-

REMOTE ACCESS SERVICE (RAS):- Using RAS we can access a remotely located RAS server through a PSTN line. For RAS there is no need for internet. Data is not secured in RAS and it is very slow. RAS works using PPP (point-to-point protocol).
REMOTE ACCESS:- This enables clients to connect to the network from a remote location.
HOW A CLIENT CAN ACCESS A NETWORK REMOTELY:- Clients can access a network remotely using a dial-up connection or through a virtual private network. IP addresses for remote clients can be assigned automatically or manually.
AUTHENTICATION:- This is the process of verifying the identity of the person logging on to the network.
WINDOWS AUTHENTICATION OR RADIUS:- You can configure remote connections to be authenticated using Windows authentication or RADIUS.
WHAT IS RADIUS?
RADIUS is an authentication system which centralizes authentication, authorization and accounting for network connections.
WHAT IS MS – CHAP V2:- Win-Server 2003 authenticates remote connections using MS-CHAP V2 by default.
Authentication protocols supported by Routing and Remote Access on Win – Server 2003 include 1) EAP – TLS 2) MS – CHAP V2 3) MS – CHAP V1 4) CHAP
REMOTE CLIENTS CONNECTING THROUGH A DESKTOP CONNECTION CAN USE VARIOUS AUTHENTICATION PROTOCOLS SUCH AS:-
1) PAP
2) SPAP
3) CHAP
4) MS – CHAP
5) MS – CHAP V2
WHAT IS REMOTE ACCESS POLICY:- It is a set of protocols that defines the process of authorizing and rejecting connections.
Remote access policies specify a set of connection restrictions if a connection is authorized.
THE DEFAULT POLICIES OF ROUTING AND REMOTE ACCESS:-
1) Connection to Microsoft routing and remote access servers
2) Connection to other access servers
THE EMLIMENT OF REMOTE ACCESS POLICY:-
1) Conditions
2) Remote access permission
3) profiles
THE DIFFERENT PROPERTIES IN A PROFILE:-
1) IP
2) Multilink
3) Authentication
4) Encryption
5) Advanced
6) Dial-in-constraints
TO CONFIGURE ACCESS BEYOND THE REMOTE SERVER:-
1) Enable the server to act as router
2) Assign correct IP address
3) Enable IP routing
4) Enable broadcast name resolution
AFTER THE REMOTE CONNECTIONS ARE ESTABLISHED YOU CAN CARRY OUT VARIOUS ACTIONS:-
1) View the client status
2) Send messages to the clients
3) Disconnect the remote session
WHILE ATTEMPTING TO TROUBLESHOOT THE REMOTE CONNECTIONS:-
1) Verify that the server can act as a router
2) Verify that IP routing is enabled
3) Verify that broadcast name resolution is enabled.
CREATE A NEW DIALUP CONNECTION IN A NETWORK SERVER:-
1) Start – settings – network connection
2) Double click new connection wizard
3) Click next
4) Select connect to the network at my work place and click next
5) Select dial – up connection and click next
6) Enter the name for the connection in the company name box and click next.
7) Enter the phone number which the client will dial in phone number box and click next
8) Select who can use the connection: to make the connection available to everyone, select anyone’s use; to make the connection available only to you, select my use only.
9) Click next.
10) You can add a shortcut to the connection by selecting the add a short cut to my connection to my desktop check box.
11) Click finish
TO CONFIGURE THE SERVER FOR REMOTE ACCESS:-
1) Start – setting – administrative tools – routing and remote access.
2) Right click the server and select configure and enable routing and remote access.
3) Click next
4) Select dial – up to enable dialup users to access the network and click next
5) Select automatically to enable remote clients to receive IP address automatically
6) Click next
7) Select the method to authenticate connections. To authenticate using routing and remote access, select No, use routing and remote access to authenticate connection requests.
8) Click next
9) Click finish
CONFIGURING DIAL – IN USER PROPERTIES:-
1) Start – administrative tools – active directory users and computers
2) Click the required user from the console tree in the right pane
3) Select action – properties
4) Click the dial-in tab
5) Select any one option from the remote access permission (dial-in or VPN)
6) Click ok
TO CONFIGURE CALLBACK WHERE THE REMOTE ACCESS SERVER IS A PART OF THE WIN-SERVER-2003 DOMAIN:-
1) Start – administrative tools – active directory users and computers
2) Click the required user from the console tree in the right pane
3) Select action - properties
4) Click dial – in – tab
5) Click the required callback option you want to set for the user from the callback options
6) Click ok
USING REMOTE ACCESS CLIENT ADDRESSING:-
1) Select start – settings – administrative tools – routing and remote access
2) Right click the server and select properties
3) Click the IP tab
4) To automatically assign IP address from the DHCP server select the dynamic host configuration protocol (DHCP) option from the IP address assignment section.
TO ASSIGN STATIC IP ADDRESSES TO CLIENTS:-
1) Open the server properties dialog box
2) Click the IP tab
3) Select the static address pool option from the IP address assignment group box
4) Click add
5) Enter the first IP address of the range in the start IP address text box
6) Enter the last IP address of the range in the end IP address text box. A value automatically appears in the number of addresses text box, indicating the number of IP addresses in the range
7) Click ok
REMOTE AUTHENTICATION DIAL-IN USER SERVICE (RADIUS):-
1) Start – settings – administrative tools – routing and remote access
2) Right click the server and select properties
3) Click the security tab
4) Select the authentication method from the authentication provider drop down list box
5) Click ok
EXTENSIBLE AUTHENTICATION PROTOCOL – TRANSPORT LAYER SECURITY (EAP – TLS):- Used along with EAP to authenticate smart cards. It can encrypt both connection and authentication data. EAP – TLS can only be used on a domain server.
MS – CHAP V2:- Uses keys to authenticate connections. It can encrypt both authentication and connection data. This is the default option in win-server-2003.
MS – CHAP V1:- Uses keys to authenticate connections. It is used to authenticate clients using older versions of Windows.
CHALLENGE HANDSHAKE AUTHENTICATION PROTOCOL (CHAP):- Used for compatibility with clients not running Windows. It encrypts authentication data using MD5 hashes. It does not encrypt connection data.
CONFIGURING CLIENT SECURITY SETTINGS:-
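The CHAP handshake described above, as an added example that is not part of the original notes. It follows the RFC 1994 response calculation, MD5(Identifier || secret || Challenge); the class name, user name and secrets are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("the CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side of the handshake (hypothetical class, for illustration)."""

    def __init__(self, secrets: dict):
        # The server needs each secret itself, not a hash of it, because it
        # has to recompute the same MD5 value the client computes.
        self._secrets = secrets
        self._pending = {}   # name -> (identifier, challenge) awaiting a response
        self._next_id = 0

    def new_challenge(self, name: str):
        """Step 1: send a fresh random challenge under a new Identifier."""
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)
        self._pending[name] = (identifier, challenge)
        return identifier, challenge

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        """Step 3: recompute the hash and compare. A challenge is single use."""
        pending = self._pending.pop(name, None)
        secret = self._secrets.get(name)
        if pending is None or secret is None or pending[0] != identifier:
            return False
        expected = chap_response(identifier, secret, pending[1])
        return hmac.compare_digest(expected, response)


def demo():
    """Run three handshakes with constructed credentials."""
    server = Authenticator({"dialin-user": b"constructed-secret"})

    # Correct secret: the password never crosses the line, only the hash.
    ident, chal = server.new_challenge("dialin-user")
    good = chap_response(ident, b"constructed-secret", chal)
    accepted = server.verify("dialin-user", ident, good)

    # A captured response is useless against the next challenge.
    ident2, _ = server.new_challenge("dialin-user")
    replay_accepted = server.verify("dialin-user", ident2, good)

    # A client that does not know the secret is rejected.
    ident3, chal3 = server.new_challenge("dialin-user")
    bad = chap_response(ident3, b"wrong-secret", chal3)
    wrong_accepted = server.verify("dialin-user", ident3, bad)

    return accepted, replay_accepted, wrong_accepted


if __name__ == "__main__":
    print(demo())
```

Only the authentication exchange is hashed here; nothing in the handshake protects the connection data that follows it.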
1) Start – settings – network connections
2) Right – click the dial-up connection and select properties
3) Click the security tab
4) Select advanced (custom settings) and click settings
5) Select the various options to enable for the connection
6) Click ok
7) Click ok to close the properties dialog box
DATA ENCRYPTION:- Enables you to select the level of encryption for the data
USE EXTENSIBLE AUTHENTICATION PROTOCOL (EAP):- Enables using EAP for the connection
ALLOW PROTOCOLS:- Enables you to select the various protocols that can be used for the connection. The protocols include PAP, SPAP, CHAP, MS-CHAP and MS-CHAP V2.
FOR MS – CHAP BASED PROTOCOLS, AUTOMATICALLY USE MY WINDOWS LOGON NAME AND PASSWORD:- Enables sending the Windows logon credentials to the domain controller while logging on to the domain. It enables you to avoid entering the same information twice.
TO VIEW THE DEFAULT REMOTE ACCESS POLICIES:-
1) Start – programs – administrative tools – routing and remote access
2) Expand the node of the required computer from the left pane of the console
3) Click the remote access policies node from the console tree.
CONFIGURE REMOTE ACCESS SERVER:-
1) Start – programs – administrative tools –routing and remote access
2) Right click the server and click properties
3) From the enable this computer as a section select the router check box
4) To enable routing only for LAN connections select the local area network (LAN) routing only option
5) Click ok
ADMINISTERING REMOTE ACCESS CLIENTS:-
1) Start – programs – administrative tools – routing and remote access
2) Expand the server node and select remote access clients; the clients are displayed in the detail pane
3) Right click the user and select status.
TO SEND MESSAGES TO REMOTE USERS:-
1) From routing and remote access console click remote access clients
2) To send a message to all connected remote users, right – click remote access clients and select send to all.
3) Compose the message in the dialog box that appears and click ok
TO DISCONNECT A REMOTE USER’S CONNECTION:-
1) From the routing and remote access console select the remote access clients node
2) Right click the user in the details pane and click disconnect
BACKUP
WHAT IS BACKUP?
Creating a copy of the original data in a compressed form that records the source path is called a backup. Backups are required for data security. We can take a backup in 2003 using the backup tool.
TYPES OF BACKUP
NORMAL BACKUP:- This is a complete data backup (all files). We can take a normal backup once in every company; after it the archive attribute is cleared.
INCREMENTAL BACKUP:- It enables you to back up only those files that were created or modified since the last normal or incremental backup. An incremental backup always follows the existing normal backup file, so you take an incremental backup every day. It is a very fast backup. The archive mark is cleared after the incremental backup.
DIFFERENTIAL BACKUP:- This backup includes all the files that are included in the first backup as well as the files that are created or modified on the second day.
COPY BACKUP:- This is useful when you want to back up files between normal and incremental backups; it does not affect your backup process or schedule. After taking a copy backup the archive attribute remains the same.
DAILY BACKUP:- This type of backup is useful when you want to back up the files that were modified on that day without affecting the backup schedule. After a daily backup the archive attribute remains the same.
ADS BACKUP:- In a domain environment, if your DC’s ADS is corrupted or not working properly and you have an ADS backup, you can easily solve the problem using the ADS backup. We can restore an ADS backup in directory restore mode.
HOW TO RESTORE ADS BACKUP:-
While booting press F8; in startup mode select directory restore mode.
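How the archive attribute drives the backup types listed above, as an added example that is not part of the original notes. The file names, dates and helper functions are constructed; the model assumes, as the Windows backup tool does, that a differential backup selects files whose archive attribute is set and leaves the attribute unchanged.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class File:
    name: str
    modified: date
    archive: bool = True   # set whenever the file is created or changed


def touch(f: File, day: date) -> None:
    """Modify a file: the file system sets its archive attribute again."""
    f.modified = day
    f.archive = True


def run_backup(kind: str, files: list, today: date) -> list:
    """Return the names a backup of this kind copies, updating archive bits."""
    if kind in ("normal", "copy"):
        chosen = list(files)                              # everything selected
    elif kind in ("incremental", "differential"):
        chosen = [f for f in files if f.archive]          # changed since last clear
    elif kind == "daily":
        chosen = [f for f in files if f.modified == today]
    else:
        raise ValueError("unknown backup type: " + kind)
    if kind in ("normal", "incremental"):                 # only these two clear it
        for f in chosen:
            f.archive = False
    return sorted(f.name for f in chosen)


def simulate(scheduled_kind: str) -> list:
    """Day 1 normal backup, then the scheduled kind on days 2 and 3."""
    day1 = date(2003, 6, 2)                               # constructed dates
    day2, day3 = day1 + timedelta(days=1), day1 + timedelta(days=2)
    files = [File("a.doc", day1), File("b.doc", day1), File("c.doc", day1)]
    a, b, _ = files

    sets = [run_backup("normal", files, day1)]
    touch(a, day2)
    sets.append(run_backup(scheduled_kind, files, day2))
    touch(b, day3)
    run_backup("copy", files, day3)    # an extra copy backup changes no archive bit
    sets.append(run_backup(scheduled_kind, files, day3))
    return sets


if __name__ == "__main__":
    for kind in ("incremental", "differential", "daily"):
        print(kind, simulate(kind))
```

A restore from the incremental schedule needs the normal set plus every incremental set in order; a restore from the differential schedule needs the normal set plus only the latest differential set.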
TO PERFORM RESTORE IN A SINGLE FOLDER:-
1) Start – program – accessories – system tools – backup
2) Click restore advanced mode link
3) Click restore and manage media tab
4) Expand file
5) Expand backup bkf
6) Select the folder that you want to restore
7) Select single folder option from restore files to drop-down box.
8) Enter the path of folder where you want to restore in the alternate location text box
9) Click start restore
10) Click ok
TO MODIFY THE TIME FOR THE SCHEDULED BACKUP:-
1) Start – programs – accessories – system tools – backups
2) Click the advanced mode link
3) Click the schedule job tab
4) Click the backup icon for which you want to modify the time of backup
5) Click properties
6) Click the schedule tab
7) Enter the required time for the backup schedule
8) Click ok to return to schedule job options box
9) Click ok
10) Enter the appropriate password in the password and confirm password text box
11) Click ok
MONITORING PERFORMANCE:- The administrator needs to monitor and manage the system to know the performance of the system.
WIN-SERVER-2003 RECORDS THREE TYPES OF LOGS IN THE EVENT VIEWER:- 1) application log 2) security log 3) system log
A WIN-SERVER-2003 PC CONFIGURED AS A DOMAIN CONTROLLER RECORDS TWO ADDITIONAL EVENTS:-
1) Directory service log
2) File replication log
(DNS) DOMAIN NAME SYSTEM LOG:- A computer running the win-server-2003 OS and configured as a domain name system (DNS) server records one additional event log, which is the domain name system log.
PERFORMANCE CONSOLE:- The performance console in win-server-2003 contains system monitor and performance logs and alerts.
SYSTEM MONITOR:- This enables you to collect and view the real time performance data of remote computers.
PERFORMANCE LOGS AND ALERTS:- This enables you to collect the performance data automatically from a local or remote computer.
TASK MANAGER:- Information about programs and process that are running on your computer is displayed in task manager.
THE FIVE TABS AVAILABLE IN THE TASK MANAGER
APPLICATIONS:- Display the status of all the programs running on the computer
PROCESSES:- Displays information about all the processes that are running on your computer.
PERFORMANCE:- Displays information about the performance of the system over time in graphical format
NETWORKING:- Displays information about the network performance in graphical format.
USERS:- Displays information about all the users who are logged on
WINDOWS MANAGEMENT INSTRUMENTATION (WMI):- This is an initiative to set up a standard for creating, reading and modifying management information
WINDOWS MANAGEMENT INTERFACE COMMAND LINE:- You can access the information stored in WMI repository with the help of management scripting tools or command line using (WMIC)
Computer running on different version of Microsoft windows can be managed with the help of WMIC
WIN-2003 PROVIDES YOU FOUR TYPE OF TOOLS:-
1) Event viewer
2) Performance console
3) Task manager
4) WMI event logging tools
EVENT VIEWER:- This enables the administrator to gather information about hardware and software problems. The event log files are text files; these files store information about system events. By default win-2003 records three types of logs in event viewer: 1) application log 2) security log 3) system log
APPLICATION LOG:- It maintains application or program problem information
SECURITY LOG:- It maintains security related events that you have specified in the audit policy.
SYSTEM LOG:- It contains information about events logged by win-2003 system components. EX:- If any driver fails, an improper shutdown, or any device fails, this type of information is in the system log.
DIRECTORY SERVICE LOG:- If you configure a 2003 PC as a DC, two DC log files are added in event viewer: 1) directory service log 2) file replication service log
DIRECTORY SERVICE LOG:- It contains information about ADS. EX:- connection problem between servers, if you any user or group this type of problems.
FILE REPLICATION SERVICE LOG:- It contains file replication service information. If the DC is a DNS server, a DNS server log is available in event viewer
DNS LOGS:- It stores DNS errors. Every log contains 3 types of messages
INFORMATION:- Successfully completed events
WARNING:- Warnings about future system problems
ERROR:- Bad key length – failure EX:- service, hard disk.
HOW TO CREATE EVENT VIEWER:-
Start – control panel – administrative tools – event viewer
In the console tree click application
Double click the required event to view more details about the event from the detail pane.
Click ok
TO MONITOR THE PERFORMANCE OF COMPUTER:-
Start – control panel – administrative tools – performance
Right click the system monitor
Select add counters
Select the select counters from list option.
Select the required option from the performance object drop down list.
Select the required counter from the select counters from list drop down list
Select the all instances check box to display all the counter instances that are available when system monitor is in use.
Click add; the performance console appears with the selected counter.
USING TASK MANAGER:-
1) press ctrl + alt + delete
2) click task manager
3) click the process tab
4) select view – select columns
5) select the required columns name
6) click ok
7) click the performance tab
8) click the networking tab
9) click the users tab
10) close the windows task manager dialog box
BUSINESS TO BUSINESS TO SITE:- With out certificate not having hack data. SSL – security socket layer, port no – 443
PERFORMANCE LOGS AND ALERTS:- It enables you to collect the performance data automatically from a local or remote computer.
PERFORMANCE IS 2 TYPES:-
LOGS:- It displays information which the applications, services and OS generate. There are two types of logs
COUNTER LOG:- It displays information about hardware usage and the activities of system services.
TRACE LOGS:- Displays disk input/output activities (disk information).
ALERTS:- It displays information about the logs when a counter’s value rises above or falls below the specified limit.
INTERNET INFORMATION SERVICES (IIS):- It enables you to manage and control access to websites. IIS is not installed with win-server-2003 by default; installing IIS by default enables it to be a static web server. In 2003, IIS version 6.0 is available. Using IIS we can host websites on the internet; web pages make up websites. IIS manager enables us to add, delete, start, stop or pause a particular site from the required server.
WHAT IS OUR JOB IN IIS?
Member server (no need to DC)

Win – web edition specialist of IIS. We can punches this name in the organization in INTER.INI, all edition are supported

WHAT IS FSMO RULES:- (flexible single master operator) This rule the server this server perfectly working performance increase in FSMO. We can develop web pages through HTML, VB script, DOTNET, java script.
TO INSTALL IIS:-
1) Start – settings – control panel
2) Double click add/remove programs
3) Click add/remove windows components
4) Select application server component
5) Click next
6) Insert the win-server-2003 enterprise edition CD
7) Click ok
8) Click finish
TO CONFIGURE IIS TO ENABLE ACTIVE SERVER PAGES:-
1) Start – programs – administrative tools – IIS manager
2) Expand windows 2003 (local computer)
3) Expand web service extensions to display the status of the web service extensions supported by IIS
4) Select active server pages from the web service extension list
5) Click allow
6) Close the IIS manager console
TO ACCESS A REMOTE SERVER RUNNING IIS:-
1) Start – programs – administrative tools – IIS manager
2) Right click win – 2003 (local computer)
3) Select connect
4) Enter remote server name in computer name box
5) Select the connection as check box
6) Enter appropriate user name and password to connect as an administrator
7) Click ok
8) Expand the remote computer
9) Expand website
10) Right click a particular site that is running
11) Select stop
TO CREATE A WEBSITE:-
1) Create a folder win – 2003 under the d:\drive
2) Open notepad
3) Enter the text “well come to the win – 2003 computer internal web site”
4) Save the file as test.html under d:\windows-2003
5) Start – programs – administrative tools – IIS manager.
6) Expand windows 2003 (local computer)
7) Expand websites
8) Right click default websites
9) Select stop
10) Select websites
11) Action – new – website
12) Click next
13) Enter windows – 2003 in the description box
14) Click next
15) Click next
16) Enter d:\windows-2003 in the path box
17) Click next
18) Select read, run scripts (such as asp) and browse check box
19) Click next
20) Click finish
TO SECURE IIS BY ASSIGNING BASIC AUTHENTICATION USING AUTHENTICATION METHODS:-
1) Start – programs – administrative tools – IIS manager
2) Right click windows -2003
3) Select properties
4) Click directory security tab
5) Click edit from authentication and access control box
6) Clear enable anonymous access check box to prevent any unauthorized user from accessing the windows – 2003 website
7) Clear integrated Windows authentication
8) Select basic authentication (password is sent in clear text)
9) Click yes to return to authentication method screen
10) Click ok to return to directory security box
11) Click apply
12) Click ok
13) Close the IIS manager
TO VERIFY WHEN THE SETTINGS ARE APPLIED TO A WEBSITE:-
1) Open internet explorer windows
2) Enter http://windows-2003/test.html
3) Enter the user name
4) Enter the password
5) Click ok
DNS SERVER SITE:-
Start – programs – tools – DNS – forward lookup zone – view (website name) EX:- jkc.com – allow dynamic updates – add IP address - finish
CLIENT SITE:- enter www.jkc.com open the site
Jkc – jawahar knowledge center
CERTIFICATION SERVICES
Protocol used in HTTPS
SSL – security socket layer port no – 443
HTTP port no – 80 & 8080
CERTIFICATION SERVICE
This server provides security to all the sites.
A PUBLIC KEY INFRASTRUCTURE (PKI):- It enables you to protect the data transmitted over the network by using different type of encryption.
A DIGITAL SIGNATURE:- It enables you to confirm that the person sending a message, file or any other data is actually the person who he or she claims to be.
ENCRYPTING FILE SYSTEM (EFS):- Win-server-2003 includes EFS. It enables you to store data and files on a disk in encrypted format
IP SECURITY:- It enables you to encrypt and digitally sign the communication over the network.
ELECTRONIC MAIL PROTOCOL:- E-mail messages are transmitted over the internet with the help of electronic mail protocols in plain text format.
SMART CARD:- This is a credit card-sized plastic card that includes an integrated circuit (IC) and a memory.
PUBLIC KEY ENCRYPTION (PKE):- Computers running win-server-2003 use PKE for encryption on a data network.
CERTIFICATION:- This is an administrative entity that verifies, manages, and controls the production of public and private certificates. You can configure a server running windows server 2003 to function as a CA. The two types of CA are
1) Enterprise CA
2) Stand alone CA
ROOT CA:- This is the most trusted type of CA in the PKI and for the entire organization.
WHILE CONFIGURE CERTIFICATES:-
Type of certificates
Encryption key length and algorithm
Certificate lifetime
Renewal policies
WIRELESS NETWORK AUTHENTICATION:- Wireless LANs (WLANs) are a very popular networking technology. EX:- wireless LANs based on the 802.11 standards. Security is very important on this medium: only authorized users can connect to the network.
CREATE A CA ON WIN-SERVER-2003:-
1) Start – settings – control panel
2) Click add or remove programs
3) Click add/remove windows components
4) Select certificate services
5) Click detail button
6) Select CA and certificate services web enrollment support box.
7) Click ok
8) Click yes
9) Click ok
10) Click next
11) Click stand alone root CA
12) Click next
13) Enter required information
14) Click next
15) Click next, accept the setting of database
16) Click yes
17) Click yes and finish
18) Close add/remove program box.
SECURITY TEMPLATES & AUDITING
WHAT IS SECURITY TEMPLATES?
Security templates are files in which the security settings and user rights for a network can be specified. A security template is an INF file; it stores all the security policy information. All INF files are stored in the folder
C:\windows\security\templates
Security templates are ASCII text based files. Security templates are stored in the windows\security\templates folder by default.
SECURITY TEMPLATES TOOL:- Using this tool we can view all the INF files.
SECURITY CONFIGURATION AND ANALYSIS TOOL:- Using this tool we can analyze our system’s security against another INF file. We can find out what the drawbacks in our security are: a green mark indicates ok, a red mark indicates fail.
Using the configuration option we can add a more secure INF file to our server. Every INF file contains the common policies below.
THE DIFFERENT SECTIONS IN SECURITY TEMPLATES:-
a) Registry
b) File system
c) Event log
d) System services
e) Restricted groups
f) Local policies
g) Account policies
THE SECURITY CONFIGURATION AND ANALYSIS SNAP IN:- It enables you to compare the settings on a local machine with these of a given templates.
SECEDIT TOOL:- This is a command line version of the security configuration and analysis snap-in.
DIFFERENT SECURITY TEMPLATES IN WIN-SERVER-2003 COMPUTERS:-
COMPATWS:- Applies file and registry permissions; this enables legacy applications to perform their functions. However, the compatws template decreases security.
DC SECURITY:- Applies default security settings for a domain controller.
HISECDC:- Includes additional security for NTLM and disables additional services
HISECWS:- Provides increased security for a workstation; it removes members of the power users group
IESACLS:- Applies registry permissions to Microsoft internet explorer.
ROOTSEC:- Applies root permissions to the drive of the system.
SECUREDC:- Applies LAN manager restrictions and limits account policies.
SECUREWS:- Applies LAN manager restrictions and enhances local account policies.
SETUP SECURITY:- Presents the security of the current machine during setup.
DEFLTSV:- Applies the default server template at setup.
DEFLTDC:- Applies the default domain controller (DC) template.
DIFFERENT SECURITY TEMPLATES IN 2003
REGISTRY:- Manages the security settings for registry keys.
FILE SYSTEM:- Includes the security permissions for files and folders
EVENT LOG:- It provide information about the time for which the logs are net enhanced.
SYSTEM SERVICES:- Changes startup settings, such as disabled, automatic or manual.
RESTRICTED GROUP:- Manage the member ship of any window group.
LOCAL POLICIES:- includes three subsections
AUDIT POLICY:- defines the rights of different session the system.
SECURITY OPTION:- Defines the various security settings that can be implemented through the registry.
ACCOUNT POLICIES
PASSWORD POLICY:- Contains restrictions regarding passwords.
KERBEROS POLICY:- Contains specifications regarding the use of the Kerberos protocol.
ACCOUNT LOCKOUT POLICY:- Controls the maximum number of attempts that can be made to log in before the account is locked.
WORKING WITH SECURITY TEMPLATES:- The security configuration and analysis snap in enables you to compare the settings on a local machine with those of a given template. It is also possible to examine network security by using the tool.
SECURITY CONFIGURATION AND ANALYSIS SNAP IN:-
Open the Microsoft management console
Select file – add and remove snap in
Click add
Select security configuration and analysis option from the available stand alone and snap in and click add
Click close
click ok
select the security configuration and analysis node from the console
select action – open data base
enter the name of the data base in file name box
click open
select the required template
click open to import the template
select file – save as
enter security in the file name box and click save
close the console
TO COMPARE THE SECURITY SETTINGS WITH THOSE OF THE TEMPLATE JUST CREATED:-
1) Select start – programs – administrative tools – security.msc; the security template created appears.
2) Select the security configuration and analysis
3) Select action – analyze computer now
4) Click ok
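What the analysis step does with a template, as an added example that is not part of the original notes or of the Windows tool: it parses two INF texts and marks each setting of the template as ok, mismatch or not defined on the machine. Both INF texts are constructed (the template uses the password values these notes list), and `parse_template`, `analyze` and `failures` are hypothetical helper names.

```python
# Constructed template, in the INF layout of a security template.
TEMPLATE_INF = r"""
; constructed baseline
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 3
[Event Audit]
AuditLogonEvents = 3
AuditObjectAccess = 3
"""

# Constructed settings standing in for what is in force on the machine.
MACHINE_INF = r"""
[system access]
minimumpasswordage = 1
MaximumPasswordAge = 999
MinimumPasswordLength = 0
PasswordComplexity = 1
PasswordHistorySize = 24
[Event Audit]
AuditLogonEvents = 3
AuditObjectAccess = 0
"""


def parse_template(text: str) -> dict:
    """Parse INF text into {section: {key: value}}; names are case-insensitive."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip().strip('"')
        # entries without '=' (file system style lines) are skipped in this sketch
    return sections


def analyze(template: dict, machine: dict, areas=("system access", "event audit")):
    """Compare each template setting in the chosen areas with the machine's value."""
    findings = []
    for section in areas:
        for key, expected in sorted(template.get(section, {}).items()):
            actual = machine.get(section, {}).get(key)
            if actual is None:
                status = "not defined"
            elif actual == expected:
                status = "ok"
            else:
                status = "mismatch"
            findings.append((section, key, expected, actual, status))
    return findings


def failures(findings):
    """The settings the snap-in would flag with a red mark."""
    return [(s, k) for s, k, _, _, status in findings if status != "ok"]


if __name__ == "__main__":
    result = analyze(parse_template(TEMPLATE_INF), parse_template(MACHINE_INF))
    for section, key, expected, actual, status in result:
        print(f"{status:12} [{section}] {key}: template={expected} machine={actual}")
```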
DIFFERENT SETTTING OF THE SECEDIT COMMAND LINE
CONFIGURE:- Applies security settings from a template. This setting must be used only after the rollback is created.
ANALYZE:- Audits and compares the security settings in a database template with the settings on the machine.
IMPORT:- Exports a template from a database.
VALIDATE:- You must use the validate setting in such situations.
GENERATE ROLLBACK:- You must always make one rollback before applying a new template.
DB:- Specifies the name of the database file that you want to create and use.
CFG:- Specifies the name of the required template; you must enter the path
OVERWRITE:- When you use this setting and apply a template, the security settings of the older template on the computer will remain the same. The new template will not overwrite them.
LOG:- Provides a log file to record the errors. The system uses windows\security\logs\scesrv.log as the default log file if no log file is specified.
QUIET:- You can use this setting as a script.
AREAS:- Apply settings in the areas specifically listed in templates. This setting ignore other settings. This area included
1) Security policy
2) Group – MGMT (restricted groups)
3) User – rights
4) Regkeys
5) File store
6) Services
MERGED POLICY:- Merges and exports the domain and local policy. This setting enables you to capture all other security settings.
RBK:- Specifies the name of the security template that you want to create. This setting exists only with the /generaterollback setting. You can use the secedit command to configure a machine or to roll back a template. EX:- to configure a machine by using the ABC template:
secedit /configure /db abc.db /cfg abc.inf /log abc.log
In addition, to create a rollback template for the ABC template that you have created:
secedit /generaterollback /cfg abc.inf /rbk abcrollback.inf /log abcrollback.log
PRINCIPLE OF LEAST PRIVILEGE:- The principle of least privilege guides the development and implementation of the security policy. This principle ensures that no user of the information systems on the network is allowed to tamper with or distort the settings on a system.
IMPLEMENTING SECURITY TEMPLATES
STRONG PASSWORD POLICY:- Prevents unauthorized individuals from entering the system.
USER RIGHTS:- Sets different rights on computers with different roles. Access and log on rights must be reduced.
Security options, restricted groups sections.
Services section, baseline plan, auditing
NON SECURITY TEMPLATES:-
1) group users
2) configure acts
3) project servers
4) auditing logs
5) web proxies
6) firewalls
SECURITY POLICIES
LOCAL SECURITY POLICY:- This policy tool is available on every stand alone PC. If you change the settings, they apply only to that particular PC.
DOMAIN SECURITY POLICY:- This policy tool is available on a DC. If you change these policy settings, they apply to all the member computers in a domain.
DOMAIN CONTROLLER SECURITY POLICY:- This policy tool is available on a DC. If you change these policy settings, they apply to all the DC’s under the domain tree.
PASSWORD POLICY
ENFORCE PASSWORD HISTORY:- It stores the previous password history; maximum 24 passwords and minimum 0.
MAXIMUM PASSWORD AGE:- Default option is 42 days, maximum 999 days.
MINIMUM PASSWORD AGE:-
By default one day
Maximum – 998 day’s
MAXIMUM PASSWORD LENGTH:-
Default option – 8 characters
Maximum length – 14 characters
PASSWORD MUST MEET COMPLEXITY REQUIREMENT:- Compulsory enter name – special symbol – number or character – special symbol – numeric
STORE PASSWORDS USING REVERSIBLE ENCRYPTION:- If you enable this, your DC is more secure. EX:- santosh – hstnas reverse form.
ACCOUNT LOCKOUT POLICY:- This policy is used on the ATM side. Using this policy we can disable a user account whenever a user enters a wrong password. EX:- If any user on the ATM side enters a wrong password three times, the account will be disabled.
ACCOUNT LOCKOUT DURATION:- The disabled account is enabled again after the duration which is selected.
KERBEROS POLICIES:- This policy is available only on DC’s. Kerberos is a protocol that maintains complete domain security.
LOCAL POLICY:-
Under local policy
AUDIT POLICY SECURITY LOG FILE:-
Store all audit information
EX:- Folder is project
Newly join in company – 5 members
I want to add audit
Maximum ten users
When any of these users logs in, this is entered in the security log file. Using audit policy we can get audit reports about users/groups. Using this policy we can protect our server side resources (files, folders, drives).
HOW TO ADD AUDIT POLICY:-
Text folder – properties – security tab – advanced – auditing – add – folder (NAG) – all give full permission – apply ok.
GROUP POLICIES

S1,S4,S6,S10 = only permissions other user’s other projects.
LOCAL GROUP POLICY HOW TO VIEW:-
RUN – gpedit .msc
Nonlocal group policy gpo
Group policy object we add server side container.
GROUP POLICIES:- Using group policies we can apply a policy to a group of objects (group of computers, objects). Group policies are of two types, they are
1) local group policy 2) nonlocal group policy.
LOCAL GROUP POLICY:- Every standalone PC contains one group policy, which is called the local group policy. The local GPO is stored at %systemroot%\system32\GroupPolicy. This policy applies to two groups of objects
1) computer group
2) user group
we can view group policy using group policy editor command –gpedit.msc, under local group policy two option available.
1) computer configuration
2) user configuration
COMPUTER CONFIGURATION:- If we change any policy below this option , it apply when ever this computer starts
USER CONFIGURATION:- If we change any policy below this option, it apply when ever any user log on this computer.
NONLOCAL GROUP POLICY OBJECT (GPO):- We create GPO on 3 containers
1) OU 2) Domain 3) Site on DC
Nonlocal GPO is stored at %systemroot%\sysvol\domain name\policies\GPO guid\adm
GPO GUID:- This is the GPO globally unique identifier
EX:- Select marketing OU – right click – properties – select group policy tab – create policy – pressing new button
UNDER GPO CONTAINER 2 OPTIONS
1) computer configuration
2) user configuration
COMPUTER CONFIGURATION:- This policy setting applies to all the computer objects under the container; whenever any of these computers starts, this policy applies.
USER CONFIGURATION:- This policy applies to all the container’s user objects whenever they log on using any PC under the domain.
CREATE A GPO THAT WILL LINK TO DOMAIN:-
Start – programs – administrative tools – active directory user and computer
Right click the domain for which you want to create the GPO
Select properties
Click the group policy tab
Click New
Enter name the GPO that you want to create
Click ok
TO MODIFY GROUP POLICY OBJECT SETTINGS:-
1) Start – RUN
2) Enter gpedit.msc
3) Click ok
4) Expand the required configuration setting folder
5) Double click the folder to view the policies in the detail pane
6) Double click the policy in the details pane which you want to modify.
7) Select define these policy setting check box
8) Click add user or group
9) Click browse
10) Enter object name to select textbox
11) Click ok
DIFFERENT OPTION IN GPO EDITOR CONSOLE ARE
COMPUTER CONFIGURATION:- Enables you to set the policies for a computer. The different settings available in computer configuration are
SOFTWARE SETTINGS:- This enables you to specify how applications must be installed and managed in the organization. These settings are applicable to all users who log on to the computer.
WINDOWS SETTINGS:- Contains the script (startup/shutdown) extension and the security settings node. The security settings node enables the administrator to set the security settings of the computer such as audit policy, local policy, user rights, account policy and event logs.
ADMINISTRATIVE TEMPLATES:- It contains the windows components node, system node and network node. This is saved in the HKEY_LOCAL_MACHINE (HKLM) registry key. It manages win-server-2003 components such as internet explorer, task scheduler, terminal services and windows installer.
TO REMOVE A GROUP POLICY OBJECT FROM THE GROUP POLICY LIST:-
1) Start – programs – administrative tools – active directory users and computers
2) Right click the domain in the console
3) Select properties
4) Click group policy tab
5) Select the GPO that you want to delete
6) Click delete
7) Select remove the link from the list
8) Click ok
DELEGATING ADMINISTRATIVE CONTROL OF GROUP POLICY:- After creating the group policy object you can delegate the control of the GPO to an appropriate user. The different tasks for which you can delegate the control of a GPO are
EDITING GPO:- Enables the user to edit the GPO. The user to whom you delegate the editing task can modify the group policy settings.
CREATING GPO:- Enables the user to create a GPO. The user to whom you delegate the creating task can create GPOs in active directory.
TO DELEGATE THE CONTROL OF GPO CREATION:-
1) Start – programs – administrative tools – active directory users and computers
2) Click the users
3) Double click group policy creator owners in the detail pane
4) Click the member tab
5) Click add
6) Enter the name of the user or group to delegate the control in the enter the object names to select textbox
7) Click ok to return to the group policy creator owner properties dialog box
8) Click ok
CONFIGURING THE USER ENVIRONMENT USING GROUP POLICY:- The group policy settings override the user settings. EX:- you want to prevent users from accessing the network and dial-up connections. To prevent the user access you need to remove the network and dial-up connections option from the start menu. To apply this setting you can configure the remove network and dial-up connections from start menu policy.
TO PREVENT USERS LOCKING THE SYSTEM:-
1) Start – programs – administrative tools – active directory users and computers
2) Click domain for which you want to modify group policy
3) Select file – properties
4) Click group policy tab
5) Select group policy to configure the settings
6) Click edit
7) Expand user configuration – administrative template – system
8) Click ctrl + alt + del option folder
9) Double click disable lock computer in the detail pane and select enable
10) Click ok
TROUBLESHOOTING GROUP POLICY AND SOFTWARE DEPLOYMENT
TOOLS FOR TROUBLESHOOTING GROUP POLICY:- The different tools available for troubleshooting group policy are event viewer, resultant set of policy and GPresult.
EVENT VIEWER:- This enables the administrator to gather information about hardware and software problems.
APPLICATION LOG:- It contains the group policy failure and warning messages.
RESULTANT SET OF POLICY (RSOP):- This is a new tool in Windows Server 2003 which enables you to manage and troubleshoot the group policy settings.
RSOP QUERY:- It displays all the different policies that are applied to users and computers and the order in which they apply.
THE RSOP QUERY CONSISTS OF TWO MODES
LOGGING MODE:- Displays the existing group policy settings of a computer and the user who is logged in.
PLANNING MODE:- Enables you to replicate the GPO settings that a user and computer might receive.
GPRESULT TOOL:- It is used to create and display an RSOP query on the command line. It also displays information about the OS, user and computer settings.
TO ENABLE EXTENSIVE LOGGING FOR EVENT LOG:-
1) Log on as an administrator
2) Start – run
3) Enter regedit
4) Click ok
5) Expand HKEY_LOCAL_MACHINE – software – Microsoft – windows NT – current version
6) Select edit – new –key
7) Enter diagnostic as the name of the key
8) Right click diagnostic key
9) Select new – DWORD value
10) Enter run diagnostic group policy as the name of new value
11) Right click run diagnostic group policy value
12) Select modify
13) Enter one in value data
14) Click ok
15) Log off the machine
16) Log in again
17) Start – programs – administrative tools –event viewer
18) Click application log
19) You can view the error events to troubleshoot the group policy
TO CREATE THE RSOP QUERY IN LOGGING MODE:-
1) Start –RUN
2) Enter mmc
3) Click ok
4) Select file – add/remove snap –in
5) Click add
6) Select resultant set of policy
7) Click add
8) Click close to return to add/remove snap in box
9) Click ok to return console window
10) Right click the resultant set of policy icon on the RSOP console
11) Select generate RSOP data
12) Click next
13) Select logging mode option
14) Click next
15) Select appropriate action
16) Click next
17) Select appropriate option
18) Click next
19) Click next
20) Click finish
21) Click required configuration folder to view the details.
THE SYNTAX OF GPRESULT TOOL IS:-
gpresult [/s computer [/u domain\user /p password]] [/user username] [/scope {user|computer}] [/v] [/z]
where
/S COMPUTER:- Specifies the name or IP address of a remote computer. The default value is the local computer.
/U DOMAIN\USER:- The default value is the permission of the currently logged on user on the computer from where the command is executed.
/P PASSWORD:- Specifies the password of the user account which is specified in the /u parameter.
/SCOPE {USER|COMPUTER}:- Displays either user or computer settings.
/V:- Displays the extensive policy information.
/Z:- Displays information about group policy.
TO CREATE AND DISPLAY AN RSOP QUERY ON THE COMMAND LINE:-
1) Start – RUN
2) Enter cmd
3) Enter gpresult
TROUBLESHOOTING SOFTWARE:- Sometimes the users may face problems while installing the assigned or published software packages.
SOFTWARE DEPLOYMENT:- Using this option in a GPO we can install software that is dumped (copied) once at the server site on every member server site. Using software deployment we can reduce cost.
MSI FILE:- For deployment purposes an MSI file is required; it is a Windows installer file.
MSC – Microsoft saved console
MSI – Microsoft installer
The administrator manages different software within an organization using the software installation and maintenance feature of IntelliMirror.
INTELLIMIRROR:- This is a technology which ensures that software and personal settings are available when the user logs on to different computers and when the computer is shared over the network.
SOFTWARE DEPLOYMENT WITH GROUP POLICY PROVIDES THESE TOOLS
SOFTWARE INSTALLATION EXTENSION:- Enables the administrator to manage the installation of the software on the client machine. It is present in the group policy object editor console on the server.
ADD/REMOVE PROGRAMS:- Enables the users to manage the installation of the software on their own computer. It is present in control panel.
SOFTWARE DISTRIBUTION POINT (SDP):- It contains all applications which can be assigned or published to a user or computer.
SOFTWARE INSTALLATION NODE:- It contains all the assigned and published applications.
TO SET UP A SOFTWARE DISTRIBUTION POINT:-
1) Create a folder for software on file server which will be the SDP.
2) Copy all required software setup files to folder
3) Right click the folder
4) Select properties
5) Click sharing tab
6) Select share this folder option
7) Click permissions
8) Set the required permission on folder
9) Click ok
TO CREATE A GROUP POLICY OBJECT CONSOLE:-
1) Select start – run
2) Enter MMC
3) Click ok
4) Select file – add/remove snap in
5) Click add
6) Select group policy object editor
7) Click add
8) Click browse
9) Click the all tab
10) Select the required GPO name under all group policy objects store in this domain
11) Click ok to return to select group policy object screen
12) Click finish
13) Click close
14) Click ok
15) Select file – save as
16) Enter group policy object name
17) Click save
TO SET SOFTWARE DEPLOYMENT PROPERTIES:-
1) Start – programs – administrative tools – group policy object
2) Expand computer configuration – software settings
3) Right click software installation node.
4) Select properties
5) Select the required option
6) Click advanced tab
7) Select the required option
8) Click the file extension tab
9) Select the required option
10) Click categories tab
11) Select required tab
12) Click ok
TO SELECT A PACKAGE DEPLOYMENT METHOD:-
1) Start – program – administrative tools – group policy object.
2) Expand computer configuration – software settings.
3) Right click software installation
4) Select new – package
5) Select the Windows installer package file (.MSI file) you want to add to the software installation node
6) Click open
7) Select the required option
8) Click ok
TO SET WINDOWS INSTALLER PACKAGE PROPERTIES:-
1) Start – programs – administrative tools – group policy object
2) Expand computer configuration – software settings
3) Click software installation node
4) Right click a package
5) Select properties
6) Click the deployment tab
7) Select required option
8) Click upgrades tab
9) Select required option
10) Click categories tab
11) Select required option
12) Click modifications tab
13) Select the required option
14) Click security tab
15) Select the required option
16) Click ok
ZAP FILE:- Using this file we can deploy software if an MSI file is not available.
HOW TO CREATE A ZAP FILE:-
Open notepad and enter:-
[Application]
FriendlyName = "win zip"
SetupCommand = \\server\winzip\winzip.exe
[exit]
Save this file as win zip.zap
RADIUS SERVER
A RADIUS server is used for authenticating internet users who are remotely connected to the RAS server. All RAS servers are clients of the RADIUS server. The RADIUS server is mainly used at the ISP site.
HOW TO CREATE:-
1) Install IIS at PC in DC
2) IAS supports the RADIUS protocol. RADIUS – remote authentication dial in user service.
RADIUS PROXY:- IAS can be used as a RADIUS proxy to provide routing of the RADIUS messages sent between the client and server.
USING IAS AS A RADIUS SERVER PROVIDES:-
1) Centralize authentication and authorization
2) Central accounting recording service
CONFIGURE THE RADIUS CLIENT:-
1) Log on as an administrator from your computer
2) Open the routing and remote access console
3) Select the required computer name from left pane of the console
4) Action – properties
5) Click the security tab
6) Select RADIUS authentication from authentication provider drop down list
7) Click configure
8) Enter the IAS server name; you can also enter 192.168.0.1 in the server name box
9) Click change
10) Enter password
11) Click ok
12) Click ok in add RADIUS server box
13) Click ok in the RADIUS authentication box
14) Select RADIUS accounting
15) Click configure
16) Click add
17) Enter required IAS server name and click change
18) Enter password
19) Click ok
20) Click ok in add RADIUS server box
21) Click ok in RADIUS accounting box
22) Click ok in properties
23) Click ok
24) Click apply
25) Click ok
IF ROUTING AND REMOTE ACCESS SERVICE HAS STOPPED:-
1) Start – programs – accessories – command prompt
2) Enter net stop remoteaccess at command prompt
3) Start – programs – accessories – command prompt
4) Enter net start remoteaccess
CONFIGURE RADIUS SERVER:-
1) Log on as an administrator on your computer
2) Start – control panel
3) Click internet authentication service (IAS)
4) Select RADIUS client node
5) Select action new RADIUS client
6) Enter name
7) Enter IP address, client address (IP or DNS)
8) Click next
9) Enter password
10) Click finish
11) Close IAS and log off as administrator from your computer.
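What the password entered in the two procedures above is used for, as an added Python example that is not from the original notes. It assumes that this password is the RADIUS shared secret of RFC 2865; the function names and sample values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac


def _md5(*parts):
    return hashlib.md5(b"".join(parts)).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, request_auth):
    """Client side (RFC 2865 section 5.2): pad to a multiple of 16 bytes, then
    XOR each block with MD5(secret + previous ciphertext block); the first
    block uses the 16-byte Request Authenticator in place of ciphertext."""
    padded = password + bytes(-len(password) % 16)
    if not padded:
        padded = bytes(16)  # an empty password still occupies one block
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], _md5(secret, prev))
        hidden += prev
    return hidden


def recover_password(hidden, secret, request_auth):
    """Server side: rebuild the same key stream from the received blocks."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, _md5(secret, prev))
        prev = block
    return clear.rstrip(b"\x00")


def response_authenticator(code, ident, attributes, request_auth, secret):
    """RFC 2865 section 3: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = bytes([code, ident]) + (20 + len(attributes)).to_bytes(2, "big")
    return _md5(header, request_auth, attributes, secret)


def client_accepts_reply(reply_auth, code, ident, attributes, request_auth, secret):
    expected = response_authenticator(code, ident, attributes, request_auth, secret)
    return hmac.compare_digest(reply_auth, expected)


# Constructed sample values, not taken from the page.
REQUEST_AUTH = bytes(range(16))
SHARED_SECRET = b"constructed-shared-secret"
USER_PASSWORD = b"correct horse battery"  # 21 bytes, so two 16-byte blocks

if __name__ == "__main__":
    hidden = hide_password(USER_PASSWORD, SHARED_SECRET, REQUEST_AUTH)
    print("same secret :", recover_password(hidden, SHARED_SECRET, REQUEST_AUTH))
    print("wrong secret:", recover_password(hidden, b"typo-in-secret", REQUEST_AUTH))
```

The shared secret is the only key material protecting the user's password and the server's replies, so the value typed on the RADIUS client and on the IAS server must match exactly and should be long and random.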
CONFIGURE EVENT LOGGING FOR IAS:-
1) start – control panel
2) select IAS
3) select action – properties
4) select the rejected authentication requests and successful authentication requests boxes
5) click apply
6) click ok
VPN
Virtual private network
USE OF VPN:- A VPN enables you to access a remote network securely over the internet and to send data securely. In Windows Server 2003 the default number of simultaneous connections to a VPN is five. We can use a VPN to send or receive data in encrypted mode, and we can establish the connection over the internet or an enterprise network. VPN is much faster than RAS. VPN is very secure.
VPN HAS TWO TYPES OF CONNECTION:-
1) PPTP 2) L2TP/IPsec
PPTP CONNECTION:- It encrypts data packets but does not provide data integrity or proof of origin. It encrypts data through protocol. 1) POP 2) SHOP
L2TP/IPsec:- This connection is more secure than PPTP and requires authentication for the user as well as the computer.
STRUCTURE OF VPN


TO INCREASE THE NUMBER OF CONNECTIONS:-
1) start – programs – administrative tools – routing and remote access
2) right click ports node and select properties
3) select required port and click configure
4) enter port no
5) click finish
TO CREATE A PPTP VPN CONNECTION:-
1) start – setting – network connections
2) double click new connection wizard
3) click next
4) select connect to the network at my workplace and click next
5) select virtual private network connection and click next
6) enter company name
7) click next
8) enter host name or IP address
9) click next
10) select anyone’s use and click next
11) click finish
12) click cancel
TO CREATE THE PROPERTIES OF THE VPN CONNECTION:-
1) start – setting – network connections
2) right click the connection created earlier and select properties
3) click the options tab
4) select include windows logon domain
5) click networking tab
6) verify that automatic is selected under the type of VPN box
7) click ok
TO CONFIGURE A PRE – SHARED KEY ON THE CLIENT COMPUTER:-
1) Start – setting – network connections
2) Right click VPN connection and select properties
3) Click security tab
4) Click IPsec settings
5) Select pre – shared key for authentication box
6) Enter pre – shared key in the key box
7) Click ok
TO CREATE AN L2TP/IPsec VPN CONNECTION:-
1) On server computer – start – programs – administrative tools – routing and remote access
2) Right click the remote access server and click properties
3) Click security tab
4) Select allow custom IPsec policy for L2TP connection box
5) Enter pre-shared key
6) Click ok
7) On client computer start – setting – network connections
8) Right click VPN connection and select properties
9) Enter host name or IP address of destination
10) Click networking tab
11) Select L2TP/IPsec VPN from type of VPN list
12) Click ok
ROUTING
It transmits data packets from one network to another. On the internet, routing is used to transmit data among different servers. It works on the network layer of the OSI model. Routers transmit data using routing tables.
A routing table is the set of routes used by a router. Windows Server 2003 provides routing using routing and remote access.
Routing and remote access contains features such as DHCP relaying, demand-dial routing and packet filtering.
LAN ROUTING CONTAINS TWO MAIN NODES:-
1) NETWORK INTERFACES:- Lists the network interfaces detected on the computer.
2) IP ROUTING:- enables configuring the DHCP relay agent.
TO ADD NETWORK INTERFACE MANUALLY:-
1. Start – programs – administrative tools – routing and remote access.
2. Right click general node, under IP routing node.
3. Select new interface.
4. Select required interface and click ok.
5. Click ok.
Routing and remote access provides certain features relating to IP routing. You can manage these features using the general properties dialog box from the routing and remote access console.
TO ACCESS THE GENERAL PROPERTIES DIALOG BOX:-
1. Start – programs – administrative tools – routing and remote access.
2. Right click general node under IP routing node.
3. Select properties.
4. Click the preference levels tab.
5. Click multicast scopes tab.
TO ADD A MULTICAST SCOPE:-
1. Click add.
2. Enter scope name.
3. Enter IP address.
4. Enter mask address.
5. Click ok.
ROUTING TABLES:- It contains addresses which enable data to reach its destination.
THERE ARE THREE TYPES OF ROUTES:-
1) HOST ROUTE:- It specifies a broadcast address on the host computer. A host route in the IP routing table contains the 255.255.255.255 network mask.
2) DEFAULT ROUTE:- Used if the destination does not match any entry in the table. In the IP routing table it contains IP address 0.0.0.0 and a similar network mask.
3) NETWORK ROUTE:- It specifies a distinct network address. In the IP routing table it can contain any subnet mask from 0.0.0.0 to 255.255.255.255.
TO VIEW THE ROUTING TABLE FROM ROUTING AND REMOTE ACCESS CONSOLE:-
1. Start – settings – administrative tools – remote access
2. Expand IP routing node.
3. Right click static routes and select show IP routing table.
VIEW IP ROUTING TABLE IN COMMAND PROMPT WINDOW
1) Open command prompt window.
2) Enter route print at the prompt and press enter.
ROUTING TABLES:- It contains the various addresses through which the data will pass till it reaches its destination.
ROUTING TABLE CONTAINS FIVE COLUMNS
NETWORK DESTINATION COLUMN:- It contains the list of final destination addresses
1) 0.0.0.0 – matching destination.
2) 127.0.0.0 – loopback address.
3) 224.0.0.0 – multicast route.
4) Values ending in 255 – broadcast address.
NETMASK COLUMN:- It determines which route will be used to transmit data.
GATEWAY COLUMN:- Specifies the IP address of the next router that will receive the data packets.
INTERFACE COLUMN:- Specifies the IP address of the network adapter or modem that will transmit data to the router.
METRIC COLUMN:- Determines which route will be used in case of a conflict with another route.
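How the netmask and metric columns decide which row is used for a destination, as an added Python example that is not from the original notes. The table rows are constructed sample values and the function names are hypothetical; it assumes the usual IP rule that the longest matching netmask wins and the metric only breaks ties.

```python
import ipaddress

# Constructed sample table (addresses are made up), one tuple per row in the
# five-column layout described above:
# (network destination, netmask, gateway, interface, metric)
ROUTES = [
    ("0.0.0.0",      "0.0.0.0",         "192.168.0.1",   "192.168.0.10", 20),  # default route
    ("127.0.0.0",    "255.0.0.0",       "127.0.0.1",     "127.0.0.1",     1),  # loopback
    ("192.168.0.0",  "255.255.255.0",   "192.168.0.10",  "192.168.0.10", 20),  # network route
    ("192.168.0.0",  "255.255.255.0",   "192.168.0.11",  "192.168.0.11", 30),  # same network, higher metric
    ("192.168.0.10", "255.255.255.255", "127.0.0.1",     "127.0.0.1",    20),  # host route
    ("10.1.0.0",     "255.255.0.0",     "192.168.0.254", "192.168.0.10", 25),  # remote network
]


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def select_route(dest_ip, routes=ROUTES):
    """Return the row used for dest_ip, or None if nothing matches.

    A row matches when (dest AND netmask) == (network destination AND netmask).
    Among matching rows the longest netmask wins; the metric only breaks ties
    between rows with the same netmask length.
    """
    dest = _to_int(dest_ip)
    best, best_key = None, None
    for row in routes:
        network, netmask, _gateway, _interface, metric = row
        mask = _to_int(netmask)
        if dest & mask != _to_int(network) & mask:
            continue
        key = (bin(mask).count("1"), -metric)  # more mask bits first, then lower metric
        if best_key is None or key > best_key:
            best, best_key = row, key
    return best


def gateway_for(dest_ip, routes=ROUTES):
    row = select_route(dest_ip, routes)
    return row[2] if row else None


if __name__ == "__main__":
    for ip in ("192.168.0.10", "192.168.0.55", "10.1.2.3", "8.8.8.8"):
        print(ip, "->", select_route(ip))
```

When reviewing route print output, note that a more specific row always wins over the 0.0.0.0 default, so an unexpected host or network route changes where that traffic goes regardless of its metric.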
DEMAND – DIAL CONNECTION:- This is temporary connection, unlike a dedicated connection.
TO ENABLE DEMAND DIAL FUNCTIONALITY:-
1) Start – programs – administrative tools – routing and remote access.
2) Right click the server where routing and remote access is configured and select properties.
3) Under the enable this computer as a section, ensure that router is selected.
4) Under router option – select LAN and demand dial option.
5) Click ok.

TO ADD A NEW DEMAND – DIAL INTERFACE:-
1) Start – programs – administrative tools – routing and remote access.
2) Right click network Interfaces and select new demand dial interface.
3) Click next.
4) Enter interface name and click next.
5) Select the method to connect. Ex:- select connect using a modem, ISDN adapter, or other physical device.
6) Click next.
7) Select modem through which connection will take place and click next.
8) Enter phone number and click next.
9) Select required security and traffic option and click next.
10) Click next.
11) Enter connection information and click next.
12) Click finish.
