chapter01-introductiontowindowsserver2003
TRANSCRIPT
-
8/7/2019 chapter01-introductiontowindowsserver2003
1/55
Managing a Microsoft
Windows Server 2003Environment
Introduction to Windows
Server 2003
-
8/7/2019 chapter01-introductiontowindowsserver2003
2/55
2
Objectives Differentiate between the different editions of
Windows Server 2003
Explain Windows Server 2003 network modelsand server roles
Identify concepts relating to Windows Server
2003 network management and maintenance
Explain Windows Server 2003 Active Directory
concepts
-
8/7/2019 chapter01-introductiontowindowsserver2003
3/55
3
Windows Server 2003 Network
Administration Goals
To ensure that network resources such as files,
folders, and printers are available to users To secure the network so that available resources
are only accessible to users who have been
granted the proper permissions
-
8/7/2019 chapter01-introductiontowindowsserver2003
4/55
Windows Server 2003
Windows Server 2003 (also referred to asWin2k3) is a server operating system produced
by Microsoft. Introduced on 24 April 2003 as
the successor to Windows Server 2000.
An updated version, Windows Server 2003 R2,
was released to manufacturing on 6 December
2005.
Windows Server 2008, was released on 4
February 2008
-
8/7/2019 chapter01-introductiontowindowsserver2003
5/55
5
Windows Server 2003 Editions Multiple versions of Windows Server 2003 exist
Each version is defined to meet the need of a
certain market segment
Versions Include:
Standard Edition
Enterprise Edition
Datacenter Edition
Web Edition
-
8/7/2019 chapter01-introductiontowindowsserver2003
6/55
6
Standard Edition Designed for everyday needs of small to medium
businesses or as a departmental server for larger
organizations Provides file and print services, secure Internet
connectivity, centralized management of networkresources
Logical upgrade path for Windows 2000 Server Can be used as a domain controller, member
server, or standalone server
-
8/7/2019 chapter01-introductiontowindowsserver2003
7/55
7
Standard Edition (continued)
-
8/7/2019 chapter01-introductiontowindowsserver2003
8/55
8
Enterprise Edition Generally used for medium to large businesses
Designed for organizations that require better
performance, reliability, and availability thanStandard Edition provides
Provides support for mission-critical applications
Available in both 32 and 64-bit editions
-
8/7/2019 chapter01-introductiontowindowsserver2003
9/55
9
Enterprise Edition (continued)
-
8/7/2019 chapter01-introductiontowindowsserver2003
10/55
-
8/7/2019 chapter01-introductiontowindowsserver2003
11/55
11
Datacenter Edition
Designed for mission-critical applications, very
large databases, and information access that
requires the highest levels of availability Can only be obtained from Original Equipment
Manufacturers (OEMs)
-
8/7/2019 chapter01-introductiontowindowsserver2003
12/55
12
Datacenter Edition Continued
-
8/7/2019 chapter01-introductiontowindowsserver2003
13/55
13
Web Edition Lower-cost edition
Designed for hosting and deploying Web services
and applications
Meant for small to large companies or
departments that develop and/or deploy Web
services
-
8/7/2019 chapter01-introductiontowindowsserver2003
14/55
14
Web Edition (continued)
-
8/7/2019 chapter01-introductiontowindowsserver2003
15/55
15
Determining the Windows
Server 2003 Edition Installedon a Server Objective is to determine the edition of Windows
Server 2003 installed on your server using SystemProperties
Follow the instructions
Start My Computer Properties General tab
-
8/7/2019 chapter01-introductiontowindowsserver2003
16/55
16
Windows Networking Concepts
Overview Two different security models used in Windows
environments
Workgroup
Domain
Three roles for a Windows Server 2003 system in
a network
Standalone server
Member server
Domain controller
-
8/7/2019 chapter01-introductiontowindowsserver2003
17/55
17
Workgroups
A workgroup is a logical group of computers
Characterized by a decentralized security and and
administration model
Authentication provided by a local account database
Security Accounts Manager (SAM)
Limitations
Users need unique accounts on each workstation
Users manage their own accounts (security issues)
Not very scalable
-
8/7/2019 chapter01-introductiontowindowsserver2003
18/55
18
Domains
A domain is a logical group of computers
Characterized by centralized authentication and
administration
Authentication provided through centralized Active
Directory
Active Directory database can be physically distributed
across domain controllers
Requires at least one system configured as a domaincontroller
-
8/7/2019 chapter01-introductiontowindowsserver2003
19/55
19
Member Servers A member server
Has an account in a domain
Is not configured as a domain controller
Typically used for file, print, application, and host
network services
All 4 Windows Server 2003 Editions can be configured
as member servers
-
8/7/2019 chapter01-introductiontowindowsserver2003
20/55
20
Domain Controllers
Explicitly configured to store a copy of Active
Directory
Service user authentication requests
Service queries about domain objects
May be a dedicated server but is not required to be
-
8/7/2019 chapter01-introductiontowindowsserver2003
21/55
21
Domain Controllers
(continued)
-
8/7/2019 chapter01-introductiontowindowsserver2003
22/55
New Manage Your Server Wizard Simplifies
Network Server Configuration and Management
Simplified Installation
Simplified Administration
Versatile and Powerful Remote Administration
Trustworthy Computing Environment
-
8/7/2019 chapter01-introductiontowindowsserver2003
23/55
You can use the wizard to add or remove the
following roles from your machine:
File server Print server
Application server (IIS, ASP .NET)
Mail server (POP3, SMTP)
Terminal server Remote access/VPN server
Domain controller (Active Directory)
DNS server
DHCP server Streaming media server
WINS server
-
8/7/2019 chapter01-introductiontowindowsserver2003
24/55
The roles servers are setup with are: Application Server - Web Services
DHCP Server - Assigning IPs to PC's
DNS Server - Resolves PC Names into IP
Domain Controller - has ADS, manages logon, Authenticates,
Provides Directory services and has a Data store. Installs DNS
and ADS.
File server - Manages access to files Mail server - For small
sites where you need mail, but not a powerful Exchange server
-
8/7/2019 chapter01-introductiontowindowsserver2003
25/55
Contd.. Mail server - For small sites where you need mail, but not a
powerful Exchange server
Print Server - manages printers
Remote Access/VPN Server - routes Network traffic Server
Cluster Node - Server that operates as part of a group.
supported by Datacentre and Enterprise only
Streaming media Server - a server that provides Streaming
media to other systems on the network. Supported by Standard
and Enterprise servers only.
Terminal Server - a server that processes tasks for multiple
client pc's in a terminal services mode. Wins Server - ResolvedNetbios Names into IP
-
8/7/2019 chapter01-introductiontowindowsserver2003
26/55
26
Determining the Domain or
Workgroup Membership of aWindows Server 2003 System
Objective is to determine the domain orworkgroup membership of a system
Start My Computer Properties Computer
Name tab
Displays computer name and domain
Change OK
-
8/7/2019 chapter01-introductiontowindowsserver2003
27/55
27
Computer Accounts Assigned in Windows NT, 2000, XP, and 2003
Assigned when joining a domain
Method for authentication and access auditing
Accounts are represented as computer objects
Accounts can be viewed using administrative tools
e.g., Active Directory Users and Computers
-
8/7/2019 chapter01-introductiontowindowsserver2003
28/55
28
Viewing and Configuring
Computer Account Settings inActive Directory Users and
Computers
Objective is to use the Users and Computers tool
to view and configure account settings/properties
Start Administrative Tools Active Directory
Users and Computers
-
8/7/2019 chapter01-introductiontowindowsserver2003
29/55
29
Using Active Directory Users and
Computers to View a Computer
Object
-
8/7/2019 chapter01-introductiontowindowsserver2003
30/55
30
Network Management and
Maintenance Overview
Five major focus areas of administrative tasks
Managing and maintaining physical and logical devices Managing users, computers, and groups
Managing and maintaining access to resources
Managing and maintaining a server environment
Managing and implementing disaster recovery
-
8/7/2019 chapter01-introductiontowindowsserver2003
31/55
31
Managing and Maintaining
Physical and Logical Devices
Network administrator responsibilities include:
Installing and configuring hardware devices
Managing server disks
Monitoring and managing performance
Tools include
Control panel applets Device Manager
Disk Defragmenter
-
8/7/2019 chapter01-introductiontowindowsserver2003
32/55
32
Managing Users, Computers,
and Groups User accounts
Creation, maintenance, passwords
Group accounts Assign network rights and permissions to multiple users
Support e-mail distribution lists
Computer accounts
Active Directory tools and utilities used to create and
maintain computer accounts
-
8/7/2019 chapter01-introductiontowindowsserver2003
33/55
33
Resetting a Domain User Account
Password Using Active DirectoryUsers and Computers
Objective is to reset a user password Force user to change password at next log-in
Other techniques discussed
Start Administrative Tools Active Directory
Users and Computers Users
-
8/7/2019 chapter01-introductiontowindowsserver2003
34/55
34
The Reset Password Dialog Box
in ActiveD
irectory Users andComputers
-
8/7/2019 chapter01-introductiontowindowsserver2003
35/55
35
Managing and Maintaining
Access to Resources Server 2003 uses sharing technique
Sharing setup
Through Windows Explorer interface and ComputerManagement administrative tool
Shared folder and NTFS permissions
Terminal services
Allows access to applications through a central server Allows access from desktops running different
operating systems
-
8/7/2019 chapter01-introductiontowindowsserver2003
36/55
36
Managing and Maintaining a
Server Environment Covers a wide variety of tasks including:
Managing server licensing
Managing patches and software updates Managing Web servers
Managing printers, print queues, disk quotas
A wide variety of tools are available including:
Event Viewer and System Monitor Software Update Services
Microsoft Management Console
-
8/7/2019 chapter01-introductiontowindowsserver2003
37/55
37
Creating a Custom Microsoft
Management Console
The objective is to create a custom MMC
MMC groups commonly used tools foradministrators convenience
Start Run mmc OK File Add/Remove
Snap-in
-
8/7/2019 chapter01-introductiontowindowsserver2003
38/55
38
The Add Standalone Snap-in
Dialog Box
-
8/7/2019 chapter01-introductiontowindowsserver2003
39/55
39
Selecting the Snap-In Focus
-
8/7/2019 chapter01-introductiontowindowsserver2003
40/55
40
Managing and Implementing
Disaster Recovery Main component of disaster recovery is system
backup
Backup tool provided is Windows Backup Different types of backup
Automated scheduling of backups
Back up critical system state information
Automated system Recovery
Shadow Copies of Shared Folders
-
8/7/2019 chapter01-introductiontowindowsserver2003
41/55
41
Introduction to Windows
Server 2003 Active Directory
Provides the following services
Central point for storing and managing network objects
Central point for administration of objects and
resources
Logon and authentication services
Delegation of administration
-
8/7/2019 chapter01-introductiontowindowsserver2003
42/55
42
Introduction to Windows
Server 2003 ActiveD
irectoryContinued
Stored on domain controllers in the network
Changes made to any Active Directory will bereplicated across all domain controllers
Multimaster replication
Fault tolerance for domain controller failure
Uses Domain Name Service (DNS) conventions
for network resources
-
8/7/2019 chapter01-introductiontowindowsserver2003
43/55
43
ActiveD
irectory Objects
An object represents a network resource such as a
user, group, computer, or printer Objects have attributes depending on object type
Objects are searchable by attributes
-
8/7/2019 chapter01-introductiontowindowsserver2003
44/55
44
Active Directory Schema
Schema defines the set of possible objects for
entire Active Directory structure
Only one schema for a given Active Directory,
replicated across domain controllers
Two main definitions
Object classes
Attributes Attributes and object classes have a many-to-many
relationship
-
8/7/2019 chapter01-introductiontowindowsserver2003
45/55
45
Active Directory Logical
Structure and Components Active Directory comprises components that:
Enable design and administration of a network structure
Logical Hierarchical
Components include:
Domains and organizational units
Trees and forests
A global catalog
-
8/7/2019 chapter01-introductiontowindowsserver2003
46/55
46
Domains and Organizational
Units Domain
Has a unique name
Is organized in hierarchical levels
Has an Active Directory replicated across its domaincontrollers
Organizational unit (OU)
A logical container used to organize domain objects
Makes it easy to locate and manage objects Allows you to apply Group Policy settings
Allows delegation of administrative control
-
8/7/2019 chapter01-introductiontowindowsserver2003
47/55
47
An Active Directory Domain
and OU Structure
-
8/7/2019 chapter01-introductiontowindowsserver2003
48/55
48
Trees and Forests
Sometimes necessary to create multiple domainswithin an organization
First Active Directory domain is the forest rootdomain
A tree is a hierarchical collection of domains thatshare a contiguous DNS naming structure
A forest is a collection of trees that do not share acontiguous DNS naming structure
Transitive trust relationships exist amongdomains in trees and, optionally, in and acrossforests
-
8/7/2019 chapter01-introductiontowindowsserver2003
49/55
49
Global Catalog
An index and partial replica of most frequently used
objects and attributes of an Active Directory
Replicated to any server in a forest configured to be
a global catalog server
-
8/7/2019 chapter01-introductiontowindowsserver2003
50/55
50
Global Catalog (continued)
Four main functions
Enable users to find Active Directory information
Provide universal group membership information
Supply authentication services when a user logs on from
another domain
Respond to directory lookup requests from Exchange
2000 and other applications
-
8/7/2019 chapter01-introductiontowindowsserver2003
51/55
51
An Active Directory Forest
-
8/7/2019 chapter01-introductiontowindowsserver2003
52/55
52
Active Directory
Communications Standards The Lightweight Directory Access Protocol
(LDAP) is used to query or update ActiveDirectory database directly
LDAP follows convention using naming pathswith two components
Distinguished name: the unique name of an object inActive Directory
Relative distinguished name: the portion of adistinguished name that is unique within the context ofits container
-
8/7/2019 chapter01-introductiontowindowsserver2003
53/55
53
Active Directory Physical
Structure
Physical structure distinct from logical structure
Important to consider the effect of Active
Directory traffic and authentication requests on
physical resources
A site is a combination of1+ Internet Protocol
(IP) subnets connected by a high-speed connection
A site linkis a configurable object that representsa connection between sites
-
8/7/2019 chapter01-introductiontowindowsserver2003
54/55
54
Summary
Windows Server 2003 network administration
goals:
Make network resources available to users as permitted Secure the network from unauthorized access
Four editions of Windows Server 2003 with
different features and costs
Two network security models with three possible
server roles
-
8/7/2019 chapter01-introductiontowindowsserver2003
55/55
55
Summary (continued)
Five broad categories of network administration
tasks in a Windows Server 2003 environment
Native directory service is Active Directory Objects and schema
Domains, organizational units and controllers
Trees and forests
Sites and site links