active directory installation
DESCRIPTION
Active Directory Installation. Nanda Ganesan, Ph.D. Contributions. Chris Rike Christian Ng Juan Herrera Pauline Cheng. Overview of Active Directory. Directory service included in Windows server - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/1.jpg)
© N. Ganesan, Ph.D. , All rights reserved.
Active Directory Installation
Nanda Ganesan, Ph.D.
![Page 2: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/2.jpg)
Contributions
• Chris Rike• Christian Ng• Juan Herrera• Pauline Cheng
![Page 3: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/3.jpg)
Overview of Active Directory
• Directory service included in Windows server
• Stores information about network object and makes the information available to administrators, users, and applications
• Provides a single point of network management allowing people to add, remove, and relocate users and resources easily
![Page 4: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/4.jpg)
1. What is Active Directory? What is the purpose of using Active Directory?
2. What is the function of a directory service? How is it structure?
3. How Active Directory communicate with a wide variety of other technologies?
![Page 5: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/5.jpg)
What is Active Directory? What is the purpose of using Active
Directory?
• Active directory is the directory service included in Windows 2000 server.
• Active Directory stores information about network object and makes the information available to administrators, users, and applications.
• Active Directory provides a single point of network management, allowing people to add, remove, and relocate users and resources easily.
![Page 6: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/6.jpg)
Active Directory Provides Benefits
1). Integration with DNS2). Flexible querying3). Information security4). Simplified administration5). Scalability
![Page 7: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/7.jpg)
1) Active directory as a namespace that is integrated with
the Internet’s Domain Name System (DNS).• Active Directory domains and DNS domains have the same hierarchical structure.• DNS zones can be stored in Active Directory.• Active Directory clients use DNS to locate domain
controllers.
(diagram 1) here:
![Page 8: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/8.jpg)
2) Flexible querying
• Users and administrators can use the Search command on the Start menu, the My Network Places icon on the desktop, or the Active Directory Users and Computer snap-in to quickly find an object on the network using object properties.
• For example, one can find a user by first name, last name, e-mail name, office location, or other properties of that person’s user account.
![Page 9: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/9.jpg)
3) Information security
• Protects network objects from unauthorized access and replicates objects across a network so that data is not lost if one domain controller fails.
![Page 10: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/10.jpg)
4) Simplified administration
• Since all domain controllers in the domain are equal, the process of making changes to one domain controller can be replicated to all other domain controllers in the domain.
• Providing a single point of administration for all objects on the network.
![Page 11: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/11.jpg)
5) Scalability
• With one or more domain controllers, Active Directory enables you to scale the directory to meet any network requirement.
• Multiple domains can be combined into a domain tree and multiple domain trees can be combined into a forest.
![Page 12: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/12.jpg)
How is it structure?
• Using Active Directory, the network and
its objects are organized by constructs
such as domains, trees, forests, trust relationships, organizational units
(OUs), and sites.
![Page 13: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/13.jpg)
How Active Directory communicate with a wide
variety of other technologies?
• Because Active Directory is based on standard directory access protocols, it can interoperate with other directory services and can be accessed by third-party applications that follow these protocols.
![Page 14: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/14.jpg)
Figure 1 How Microsoft fits into the Internet's DNS namespace
Active Directory
![Page 15: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/15.jpg)
Active Directory
Figure 2 Comparing DNS and Active Directory namespace roots
![Page 16: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/16.jpg)
Objects
• The entities that make up a network
• A distinct, named set of attributes that represents something concrete. i.e.a user
• A globally unique identifier (GUID) is assign when it is created
![Page 17: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/17.jpg)
Schema
• A description of the object classes• The attribute for those object
classes
Every Active Directory is an instance of an object class. Each attribute is define only once and can be used in multiple classes.
![Page 18: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/18.jpg)
Schema Attributes and Querying
• Using the Active Directory Schema tool– Mark an attribute as indexed– Include attributes in the global catalog
• Contains a default set of attributes for every object in the forest
• Globally useful• Not volatile• Small
![Page 19: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/19.jpg)
Schema Object Names
• LDAP display name• Common name• Object identifier (OID)
![Page 20: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/20.jpg)
Object Naming Conventions
• Security principal names• Security identifier• LDAP-related names• Object GUIDs• Logon names
![Page 21: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/21.jpg)
Security Principal Names
• Can be a user account, computer account, or a group.
• A name that uniquely identifies a user, computer, or group within a single domain.
• Unique across domains for backward compatibility.
![Page 22: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/22.jpg)
Security IDs (SIDs)
• A unique number created by the security subsystem of the Windows 2000 operating system, and assigned to security principal object. i.e. user, group, and computer accounts.
• Every account on the network is issued a unique SID that account is first created.
![Page 23: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/23.jpg)
LDAP-related Names
• Defines what operations can be perform in order to query and modify information in a directory and how information in a directory can be securely access.
![Page 24: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/24.jpg)
LDAP-related Names
• Three object-naming format based on the LDAP distinguished name:– LDAP DN and RDN names– LDAP URLs– LDAP-based canonical names
![Page 25: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/25.jpg)
LDAP-related Names
Example:User = JohnCountry = USA (forest)State = CA (tree)City = Rosemead (domain)Department = Marketing (OU)
![Page 26: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/26.jpg)
LDAP-related Names
• LDAP DN Name:cn=John,ou=Marketing,dc=Rosemead,dc=CA,dc=USA
• LDAP URL Name:LDAP://server1.CA.USA.com/cm=John,ou=Marketing,dc=Rosemead,dc=CA,dc=USA
• Canonical Name:CA.USA.com/Rosemead/Marketing/John
![Page 27: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/27.jpg)
Object Publishing
• Publishing - is the act of creating objects in the directory that either directly contain the information you want to make available or provide a reference for it.– Share Publishing– Printer Publishing
![Page 28: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/28.jpg)
When to Publish
• Relatively static– Publish only information that changes
infrequently
• Structured– Publish information that is structured
and can be represented as a set of discrete attributes.
![Page 29: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/29.jpg)
How to Publish
• Remote Procedure Call (RPC)• Windows Sockets • Distributed Component Object
Model (DCOM)
![Page 30: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/30.jpg)
You Use Domains to Accomplish the Following Network Management Goals:
• Administrative boundaries • Replicate information • Apply group policy • Structure the network • Delegate administrative authority
![Page 31: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/31.jpg)
Domains:
• Trees• Forests• Trusts• And Ous (organizational units )
![Page 32: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/32.jpg)
Figure 3 Parent and child domains in a domain tree. Double-headed arrows indicate two-way transitive trust relationships
Tree
![Page 33: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/33.jpg)
Figure 4 One forest with three domain trees. The three root domains are not contiguous with each other, but
EuropeRoot.com and AsiaRoot.com are child domains of HQ-Root.com.
Forests
![Page 34: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/34.jpg)
Figure 5 Shortcut trusts between Domains B and D, and between Domains D and 2
Forest
![Page 35: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/35.jpg)
Trust Relationships
• Transitive • Two-way• Shortcut trusts • External trusts
![Page 36: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/36.jpg)
Figure 7 A network with two forests and one extranet
Trust Relationships Trust Relationships
![Page 37: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/37.jpg)
Figure 9 Intra-site replication with just one domain
Organizational Units
![Page 38: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/38.jpg)
Figure 10 Intra-site replication with two domains and two global catalogs
Trust Relationships
![Page 39: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/39.jpg)
Figure 11 Two sites connected by a site link. Each site's preferred bridgehead server is used preferentially for inter-site information exchange.
Trust Relationships
![Page 40: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/40.jpg)
Domain Common Tasks You Can Delegate
Organizational Unit Common Tasks You Can Delegate
Join a computer to a domain Manage Group Policy links
Create, delete, and manage user accounts Reset passwords for user accounts Read all user information Create, delete, and manage groups Modify the membership of a group Manage printers Create and delete printers Manage Group Policy links
Domain and OU Delegation
![Page 41: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/41.jpg)
Groups (or Users) Security Permission
Authenticated User Read with Apply Group Policy ACE
Domain AdministratorsEnterprise AdministratorsCreator Owner Local System
Full control without Apply Group Policy ACE
Table 4 Security Permission Settings for a GPO
![Page 42: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/42.jpg)
Group Policy
• Group Policy (GP): Defines a variety of user’s environments that administrators can manage. GP configurations apply to computers. GP settings apply to users and computers in sites, domains & OU’s.
![Page 43: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/43.jpg)
Group Policy
Components:• Registry based policies• Security options• Software deployment options• Scripts• Redirections to special folders
![Page 44: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/44.jpg)
Group Policy
• GP affect all users and computers in the linked container unless the administrators explicitly change permissions.
• By using security groups, policies are applied specifically to sets of objects within a container.
• Within security groups, Group Policy Objects (GPO) determine the following for specific containers:
• Using security groups to represent business organizational structure is more efficient than using domains or organizational units for administration.
• Policy settings that are domain wide applied to OU’s containing other OU”s are inherited by child containers, unless inheritance is otherwise specified.
![Page 45: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/45.jpg)
Delegating Control of Group Policies
Network administrators which is composed of enterprise administrators or domain administrators can determine which other administrators groups can modify policy settings.
Delegation can also be granted to other administrators to perform the following tasks:– managing group policy for domains, sites and
organizational units.– creating group policy objects– editing group policy objects
![Page 46: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/46.jpg)
Interoperability
Active Directory (A.D) supports a number of standards to ensure interoperability of Windows 2000 environment with other vendors (Novell, Unix)
The following are supported by Active Directory:• Lightweight Directory Access Protocol (LDAP) which is an
industry std for directory access. This service is on the Internet Engineering Task Force (IETF) for becoming an internet std.
• o LDAP it is used to add, modify, delete and query information stored in AD.
• o LDAP to AD is like SQL to Oracle• o LDAP determines how a client can access the directory,
operations within the directory and share directory data• o Application Programming Interfaces (API) uses
![Page 47: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/47.jpg)
Active Directory Service Interfaces and LDAP C API for:
• ADSI enables access to AD by exposing objects stored in the directory as Component
Object Model (COM) objects through scripts• COM’s have access to different types of
directories for which a provider exists• Several providers: Novell Directory Services
(NDS), WinNT, LDAP and Internet Information Services metabase.
• Do you guys know what an object is?
![Page 48: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/48.jpg)
Active Directory Service Interfaces and LDAP C API for:
• Example: You can add a method to the user object that creates an Exchange mailbox for a user when the method is invoked.
• LDAP C API (RFC 1823) is a set of low level C-language API’s to the LDAP protocol.
• Used by developers, however, ADSI is more powerful and more appropriate for developers.
![Page 49: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/49.jpg)
Synchronizing AD with other Directory Services (DS)
• AD interacts with other DS by using an Active Directory Connector which offers bi-directional synchronization for:
MS Exchange (Email) Lotus Notes (Email) GroupWise (Email and common
attributes) LDAP Data Interchange Format
(LDIFDE): Supports importing and exporting directory information. This is an internet std format.
![Page 50: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/50.jpg)
(LDIFDE):
Usage: • Perform batch operations such as
add, delete, rename, modify• Can be also used to backup or
extend the schema.
![Page 51: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/51.jpg)
Internal and external references
• Administrators can create cross-reference object that points to a server in a directory in another forest.
• They take the form of containers. • Internally, the external reference will appear as a
child of an existing AD object• Externally, it will not appear at all• For both internal and external references, AD
contains the name of the DNS server holding a copy of the external directory and the distinguished name of the root external directory.
![Page 52: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/52.jpg)
Kerberos Role and Interoperability
• Win 2000 and above operating systems support multiple configurations for cross platform interoperability ranging from:
• Clients: A domain controller will authenticate clients running RFC-1510 Kerberos. This will include other clients running other operating systems.
• Unix clients and services: A Kerberos principal is mapped to a Windows 2000 user or computer account.
![Page 53: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/53.jpg)
Kerberos Role and Interoperability
• Applications and operating systems: Applications and other operating systems can obtain tickets for services within a Windows 2000 environment.
• Provides backwards support for earlier versions of operating systems through a mixed-mode network configuration.
• Mixed mode domain is a networked set of computers that run both NT 4.0 and Win 2000 and above
![Page 54: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/54.jpg)
Summary
• Active Directory helps centralize and simplify network manageability and provides the necessary resources to support the organizations objectives.
• AD stores information about network objects and makes information available to administrators, users and applications.
• Interacts with Domain Name Space (DNS) by providing a name space that defines all objects.
![Page 55: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/55.jpg)
Summary
• Uses domains, trees, forests, trust relationships, organizational units, and sites to structure the network and its objects.
• Administrative tasks can be delegated to manage OU’s, domains, sites to appropriate support groups
• AD is built on std directory access protocols and along with API’s can access other Directory Services to expand its flexibility
• Data can be exported or imported as required.
![Page 56: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/56.jpg)
Glossary
Active Directory• An enterprise-class directory service that is
scalable, built from the ground up using Internet-standard technologies, and fully integrated at the operating-system level. Active Directory simplifies administration and makes it easier for users to find resources. Active Directory provides a wide range of features and capabilities, including group policy, scalability without complexity, support for multiple authentication protocol, and the use of Internet standards.
![Page 57: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/57.jpg)
Glossary
Active Directory Service Interfaces (ADSI)
• ADSI is a directory service model and a set of Component Object Model (COM) interfaces. It enables Windows 95, Windows 98, Windows NT, and Windows 2000 applications to access several network directory service, including Actives Directory. It is supplied as a Software Development Kit (SDK).
![Page 58: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/58.jpg)
Glossary
Asynchronous Transfer Mode (ATM)• ATM is a high-speed, connection-oriented
protocol designed to transport multiple types of traffic across a network. It is applicable to both local area networks (LANs) and wide area networks (WANs). Using ATM, your network can simultaneously transport a wide variety of network traffic; voice, data, image, and video.
![Page 59: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/59.jpg)
Glossary
Dynamic Host Configuration Protocol (DHCP) with Domain Name System (DNS) and Active Directory
• DHCP works with DNS and Active Directory on Internet Protocol (IP) networks, freeing you from assigning and tracking static IP addresses. DHCP dynamically assigns IP addresses to computers or other resources connected to an IP network.
![Page 60: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/60.jpg)
Glossary
Indexing Service• Indexing provides a fast, easy, and secure
way for users to search for information locally or on the network. User can use powerful queries to search in files in different formats and languages, either through the Start menu Search command or through Hypertext Markup Language (HTML) pages that they view in a browser.
![Page 61: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/61.jpg)
Glossary
Internet Authentication Service (IAS)• IAS provides you with a central point for
managing authentication, authorization, accounting, and auditing of dial-up or Virtual Private Network users. IAS uses the Internet Engineering Task Force (IETF) protocol called Remote Authentication Dial-In User Service (RADIUS).
![Page 62: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/62.jpg)
Glossary
Internet Information Services (IIS) 5.0• The powerful features in Internet
Information Service (IIS), a part of Microsoft Windows 2000 Server, make it easy to share documents and information across a company intranet or the Internet. Using IIS, you can deploy scalable and reliable Web-based applications, and you can bring existing data and applications to the Web, IIS includes Active Server Pages and other features.
![Page 63: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/63.jpg)
Glossary
Lightweight Directory Access Protocol (LDAP) support
• LDAP, an industry standard, is the primary access protocol for Active Directory. LDAP version 3 was defined by the IETF.
![Page 64: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/64.jpg)
Glossary
Terminal Services• The Windows 2000 Server family offers the only
server operating systems that integrate terminal emulation services. Using Terminal Services, a user can access programs running on the server from a variety of older devices. For example, a user could access a virtual Windows 2000 Professional desktop and 32-bit Windows-based applications from hardware that couldn’t run the software locally. Terminal Services provides this capability for both Windows and non-Windows-based client devices.
![Page 65: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/65.jpg)
Glossary
Virtual Private Network (VPN)• You can allow users ready access to the network even
when they’re out of the office, and reduce the cost of this access, by implementing a VPN. Using VPNs, users can easily and securely connect to the corporate network. The connection is through a local Internet Service Provider (ISP), which reduces connect-time charges. With Windows 2000 Server, you can use several new, more secure protocols for creating Virtual Private networks, including’: L2TP, a more secure version of PPTP (L2TP is used for tunneling, address assignment, and authentication) and IPSec, a standard-based protocol that provides the highest levels of VPN security. Using IPSec, virtually everything above the networking layer can
![Page 66: Active Directory Installation](https://reader035.vdocuments.us/reader035/viewer/2022062801/568143fd550346895db09159/html5/thumbnails/66.jpg)
END