Master of Computer Applications1

MASTER OF COMPUTER APPLICATIONS
(MCA)
Name:
Enrolment no:
Semester:
Subject:
SCHOOL OF COMPUTER AND INFORMATION SCIENCES

INDIRA GANDHI NATIONAL OPEN UNIVERSITY
MAIDAN GARHI, NEW DELHI – 110068
1
NAME OF THE STUDY CENTER
BMS College of Engineering,Bangalore.
Laboratory Certificate
This is to certify that Ms…………………………..
has satisfactorily completed the course of experiments in
………………………………………………practical
prescribed by the IGNOU university 2sem MCA course in
the laboratory of this college in the year 2005.
Date: Signature of Lab

incharge
Name of the candidate:
Enrollment no:
2
Examination center:
DATA STRUCTURES
3
SESSION-1: ARRAYS
1. PROGRAM TO FIND THE MULITIPLICATION OF TWO MATRICES
#include<stdio.h>
# define size 10
void main()
{
int r1,c1,r2,c2,i,j,k,x[size][size],y[size][size];
int m[size][size];
clrscr();
printf("Enter the order of 1st matrice\n");
scanf("%d%d",&r1,&c1);
printf("Enter the order of 2nd matrice\n");
scanf("%d%d",&r2,&c2);
if(c1==r2)
{
printf("enter the %d elements of first matrix\n",r1*c1);
for (i=0;i<r1;i++)
{
for(j=0;j<c1;j++)
scanf("%d",&x[i][j]);
}
printf("enter the %d elements of second matrix\n",r2*c2 );
for (i=0;i<r2;i++)
{
for(j=0;j<c2;j++)
scanf("%d",&y[i][j]);
}
printf("The given first matrix is:\n");
for (i=0;i<r1;i++)
{
for(j=0;j<c1;j++)
printf("%d\t",x[i][j]);
printf ("\n");
}
printf("The given second matrix is:\n");
for (i=0;i<r2;i++)
{
for(j=0;j<c2;j++)
printf("%d\t",y[i][j]);
printf ("\n");
}
for (i=0;i<r1;i++)
{
for(j=0;j<c2;j++)
{
m[i][j]=0;
for(k=0;k<r2;k++)
m[i][j]=m[i][j]+x[i][k]*y[k][j];
4
}
}
printf("The product is:\n");
for (i=0;i<r1;i++)
{
for (j=0;j<c2;j++)
printf(" %d\t",m[i][j]);
printf("\n");
}
}
else
printf ("multiplication is not possible");
getch();
}
2. PROGRAM TO ACCEPT 10 STRINGS AS INPUT & PRINT IN LEXICOGRAPHICORDER
#include <stdio.h>
#include <string.h>
void main()
{
char a[4][25],temp[25];
int i,j;
clrscr();
printf("Enter the names\n");
for (i=0;i<4;i++)
gets(a[i]);
for (i=0;i<3;i++)
for (j=i+1;j<4;j++)
{
if (strcmp(a[i],a[j])>0)
{
strcpy(temp,a[i]);
strcpy(a[i],a[j]);
strcpy(a[j],temp);
}
}
printf("Sorted strings are \n");
for (i=0;i<4;i++)
puts (a[i]);
getch();
}
3. PROGRAM TO TWO STINGS S1,S2 & CHECK IF S2 IS SUBSTRING OF S1 & ALSO THE
POSITION OF THE SUBSSTRING IN S1.
#include<stdio.h>
#include <string.h>
void main()
{
5
char st1[25],st2[25];
int cnt,i,j,k,c,len,m,sign;
clrscr();
printf("Enter the first string\n");
gets(st1);
printf("Enter the second string\n");
gets(st2);
len=strlen(st1);
for(i=0;i<len;i++)
{
c=0;
if (st1[i]==st2[c])
{
m=i;
sign=0;
cnt=0;
while(st2[c]!='\0' && sign!=1)
{
if (st1[m]==st2[c])
{
m++;c++;
cnt++;
}
else
sign=1;
}
if (sign==0)
{
printf("The given string is present\n");
printf("The starting position %d & ending position %d\n",i+1,(i+cnt));
k=1;
}
}
}
if (k != 1)
if (sign!=0)
printf("The given string is not present\n");
getch();
}
4. PROGRAM TO CONCATENATE TWO STRINGS S1 & S2
#include<stdio.h>
#include<string.h>
void main()
{
char str1[10],str2[10],str[20];
int i=0,j=0,k=0;
clrscr();
printf ("enter the two strings\n");
gets (str1);
gets (str2);
while (str1[i]!='\0')
{
6
str[k++]=str1[i++];
}
while (str2[j]!='\0')
{
str[k++]=str2[j++];
}
str[k]='\0';
printf("The concatenated string is:");
puts (str);
getch();
}
SESSION-2: STRUCTURES
1. PROGRAM TO FIND THE STUDENT INFORMATION & PRINT THE STUDENT

INFORMATION & RANK SECURED IN ASCENDING ORDER.
#include<stdio.h>
#include<conio.h>
#define SIZE 50
void main()
{
int num,i,j;
int temp=0,tempe=0;
char tempn[50];
struct student
{
int eno ;
char name[50];
int avg;
} st[SIZE];
clrscr();
printf("Enter the number of students\n");
scanf("%d",&num);
for(i=0;i<num;i++)
{
printf("Enter the name of the student\n");
scanf("%s",&st[i].name);
printf("Enter the enrollment number\n");
scanf("%d",&st[i].eno);
printf("Enter aggregate marks of enter students \n");
scanf("%d",&st[i].avg);
}
for(i=0;i<num-1;i++)
for (j=i+1;j<num;j++)
{
temp=0;tempe=0;
if (st[i].avg<st[j].avg)
{
temp=st[i].avg;
7
st[i].avg=st[j].avg;
st[j].avg=temp;
strcpy(tempn,st[i].name);
strcpy(st[i].name,st[j].name);
strcpy(st[j].name,tempn);
tempe=st[i].eno;
st[i].eno=st[j].eno;
st[j].eno=tempe;
}
}
for(i=0;i<num;i++)
{
printf("Enrollment number:%d\n Name:%s\n",st[i].eno,st[i].name);
printf("Aggregate marks:%d\n Rank:%drank\n",st[i].avg,(i+1));
}
getch();
}
SESSION 3: LINKED LISTS
1. PROGRAM FOR THE CREATION & DELETION OF A LIST USING POINTERS.

a) SINGLY LINKED LIST:
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
struct info
{
char name[30];
int eno;
struct info *next;
};
struct info *head=NULL,*temp,*disp;
void addrecord();
void deleterecord();
void disrecord();
void main()
{
int ch;
clrscr();
while (1)
{
printf("\n 1. To add records\n");
printf("\n 2. To delete a records\n");
printf("\n 3. To view the records\n");
printf("\n 4. To exit\n");
printf("\n Enter your choice\n");
scanf("%d",&ch);
fflush(stdin);
switch(ch)
{
case 1:addrecord();
break;
case 2:deleterecord();
break;
8
case 3: disrecord();
break;
case 4:exit(0);
}
}
}
void addrecord()
{
struct info *add;
char ans='y';
while (ans=='y')
{
add=(struct info*)malloc(sizeof(struct info));
printf("\n Enter the names:\n");
gets(add->name);
fflush(stdin);
printf("\n Enter the enrollment number:\n");
scanf("%d",&add->eno);
fflush(stdin);
if (head==NULL)
{
head=add;
add->next=NULL;
temp=add;
}
else
{
temp->next=add;
add->next=NULL;
temp=add;
}
printf("\n Would you like to enter another name(y\\n): \n");
ans = getchar();
fflush(stdin);
}
}
void deleterecord()
{
struct info *delete;
int teno, present=0;
if (head==NULL)
{
printf("\n No records to delete\n");
return;
}
printf("\n Enter the enrollment number to be deleted \n");
scanf("%d",&teno);
fflush(stdin);
for (delete=head;delete!=NULL;delete=delete->next)
{
if (delete->eno==teno)
9
{
if (head->eno==teno)
{
delete=head;
head=head->next;
free(delete);
return;
}
else
{
temp->next=delete->next;
free(delete);
return;
}
}
temp=delete;
}
if (present==0)
printf("\nNo such enrollment number present\n");
}
void disrecord()
{
if (head==NULL)
{
printf("\n No records to view\n");
return;
}
for (disp=head;disp!=NULL;disp=disp->next)
{
printf("\n\n Name : %s",disp->name);
printf("\n\n Number : %d",disp->eno);
}
}
b) DOUBLY LINKED LIST:
#include<stdio.h>
#include<stdlib.h>
struct info
{
char name[30];
int eno;
struct info *next;
struct info *prev;
};
struct info *head=NULL,*temp,*disp;
void main()
{
void addrecord();
void disrecord();
1
0
int ch;
clrscr();
while (1)
{
scanf("%d",&ch);
fflush(stdin);
switch(ch)
{
case 1:addrecord();
break;
break;
break;
case 4:exit(0);
}
}
}
void addrecord()
{
struct info *add;
char ans='y';
while (ans=='y')
{
printf("\n Enter the names:\n");
gets(add->name);
fflush(stdin);
fflush(stdin);
if (head==NULL)
{
head=add;
add->next=NULL;
add->prev=NULL;
temp=add;
}
else
{
temp->next=add;
add->prev=temp;
add->next=NULL;
temp=add;
}
ans = getchar();
fflush(stdin);
}
1
1
}
void deleterecord()
{
struct info *del;
int teno;
if (head==NULL)
{
printf("\n No records to delete\n");
return;
}

scanf("%d",&teno);
fflush(stdin);
del=(struct info*)malloc(sizeof (struct info));

del=head->next;
if (head->eno==teno)
{
printf("\n Head data cannot be deleted\n");
return;
}
while(del)
{
if(del->eno==teno)
{
del->prev->next=del->next;
if (del->next!=NULL)
{
del->prev->next=del->next;
del->next->prev=del->prev;
}
else
{
head->next=temp->next=NULL;
temp=head;
}
return;
}
else
{
del=del->next;
}
}
printf("\nInvalid input\n");
}
void disrecord()
{
if (head==NULL)
{
1
2
return;
}
printf("\n From forward direction\n");
{
}
printf("\n Press any key to continue\n");
getchar();
printf("\n From backward direction\n");
for (disp=temp;disp!=NULL;disp=disp->prev)
{
}
c) CIRCULARLY LINKED LISTS:
#include<stdio.h>
#include<alloc.h>
#include<conio.h>
struct node
{
int data;
struct node *next;
};
struct node *head=NULL;
struct node *tail=NULL;
void main()
{
void addrecord();
void disrecord();
int ch;
clrscr();
do
{
scanf("%d",&ch);
fflush(stdin);
switch(ch)
{
case 1:addrecord();
break;
break;
break;
case 4:exit(0);
1
3
}
} while (ch!=4);
}
void addrecord()
{
int new_data;
char ans='y';
struct node *ptr,*prev,*temp;
clrscr();
while (ans=='y')
{
temp=(struct node*)malloc(sizeof(struct node));
printf("\n Enter the new element:\n");
scanf("%d",&new_data);
fflush(stdin);
temp->data=new_data;
temp->next=NULL;
if (head==NULL)
{
head=tail=temp;
temp->next=head;
}
else
{
tail->next=temp;
tail=temp;
}
printf("\n Would you like to enter another data(y\\n): \n");
ans = getchar();
fflush(stdin);
}
}
void deleterecord()
{
struct node *ptr,*prev,*delnode;
int elt;

scanf("%d",&elt);
fflush(stdin);
if (head==NULL)
{
printf("\n No elements in the list \n");
return;
}
else
{
if (head->data==elt)
{
delnode=head;
if (head==tail)
1
4
head=tail=NULL;
else
{
head=head->next;
tail->next=head;
}
}
else if (tail->data==elt)
{
for(ptr=head;(ptr!=tail);prev=ptr,ptr=ptr->next);
delnode=tail;
tail=prev;
tail->next=head;
}
else
{
for(prev=ptr=head;(ptr->data!=elt)&&(ptr!=tail);
prev=ptr,ptr=ptr->next);
if(ptr->data==elt)
{
delnode=ptr;
prev->next=ptr->next;
printf("yes...");
}
else
{
printf("Given element not found in the list");
getch();
return;
}
}
}
free(delnode);
}
void disrecord()
{
struct node *ptr,*prev=NULL;
if (head==NULL)
{
return;
}
printf("\n The elements in the circular list are\n");
for (ptr=head;prev!=tail;prev=ptr,ptr=ptr->next)
printf("\n\n %d",ptr->data);
printf(" NULL\n\n ");
getch();
}
2. PROGRAM TO ACCEPT 2 SINGLY LINKED LISTS & PRINT A SINGLY LINKED LIST
THOSE ELEMENTS ARE COMMON IN BOTH THE LIST.
1
5
#include<stdio.h>
#include<stdlib.h>
struct info
{
int num;
struct info *next;
};
struct node
{
int num1;
struct node *next1;
};
struct com
{
int num2;
struct com *next2;
};
struct info *temp,*disp,*head;

struct node *temp1,*disp1,*head1;
struct com *temp2,*disp2,*head2=NULL;
void addrecord();
void disrecord();
void main()
{
int ch;
clrscr();
while (1)
{
scanf("%d",&ch);
fflush(stdin);
switch(ch)
{
case 1:addrecord();
break;
case 2:disrecord();
break;
case 3: exit(0);
}
}
}
void addrecord()
{
struct info *add;
struct node *add1;
1
6
char ans='y';
char choice='y';
while (ans=='y')
{
printf("\n Enter the element of the first list:\n");
scanf("%d",&add->num);
fflush(stdin);
if (head==NULL|| head->num>=add->num)
{
add->next=head;
head=add;
}
else
{
temp=head;
while (temp->next!=NULL && temp->next->num < add->num)
{
temp=temp->next;
}
add->next=temp->next;
temp->next=add;
}
ans = getchar();
}
while (choice=='y')
{
add1=(struct node*)malloc(sizeof(struct node));
printf("\n Enter the element of the second list:\n");
scanf("%d",&add1->num1);
fflush(stdin);
if (head1==NULL|| head1->num1>=add1->num1)
{
add1->next1=head1;
head1=add1;
}
else
{
temp1=head1;
while (temp1->next1!=NULL && temp1->next1->num1 < add1->num1)
{
temp1=temp1->next1;
}
add1->next1=temp1->next1;
temp1->next1=add1;
}
choice = getchar();
fflush(stdin);
}
}
1
7
void disrecord()
{
struct com *add2;
if (head==NULL)
{
return;
}
{
printf("\n\n Number : %d",disp->num);
}
for (disp1=head1;disp1!=NULL;disp1=disp1->next1)
{
printf("\n\n Number : %d",disp1->num1);
}
{
{
if (disp->num==disp1->num1)
{
add2=(struct com*)malloc(sizeof(struct com));
add2->num2=disp->num;
printf("%d",add2->num2);
if(head2==NULL)
{
head2= add2;
add2->next2=NULL;
temp2=add2;
}
else
{
temp2->next2=add2;
add2->next2=NULL;
temp2=add2;
}
}
}
}
printf("\n Sorted list is \n\n");
{
printf("\n\n Number : %d",disp2->num2);
}
3. PROGRAM TO ACCEPT A SINGLY LINKED LIST OF INTEGERS & SORT THE LIST IN
ASCENDING ORDER.
#include<stdio.h>
#include<stdlib.h>
struct info
{
char name[30];
1
8
int eno;
struct info *next;
};
struct info *temp,*disp,*head;
void addrecord();
void disrecord();
void main()
{
int ch;
clrscr();
while (1)
{
scanf("%d",&ch);
fflush(stdin);
switch(ch)
{
case 1:addrecord();
break;
case 2:disrecord();
break;
case 3: exit(0);
}
}
}
void addrecord()
{
struct info *add;
char ans='y';
while (ans=='y')
{
printf("\n Enter the name:\n");
gets(add->name);
fflush(stdin);
fflush(stdin);
if (head==NULL|| head->eno>=add->eno)
{
add->next=head;
head=add;
}
else
{
temp=head;
while (temp->next!=NULL && temp->next->eno < add->eno)
{
1
9
temp=temp->next;
}
add->next=temp->next;
temp->next=add;
}
ans = getchar();
fflush(stdin);
}
}
void disrecord()
{
if (head==NULL)
{
return;
}
{
}
}
SESSION 4: STACKS
1. PROGRAM TO CONVERT A PREFIX EXPRESSION TO A POSTFIX USING POINTERS
#include<stdio.h>
#include<string.h>
void push(char item[],int *top,char s[][20])

{
*top=*top+1;
strcpy(s[*top],item);
}
void *pop(int *top,char s[][20])

{
char *item;
item=s[*top];
*top=*top-1;
return item;
}
void pre_post(char prefix[],char postfix[])

{
char s[20][20];
int top,i;
char symbol,temp[2];
char *op1,*op2;
top=-1;
strrev(prefix);
for(i=0;i<strlen(prefix);i++)
2
0
{
symbol=prefix[i];
temp[0]=symbol;
temp[1]='\0';
switch (symbol)
{
case '+':
case '-':
case '*':
case '/':
case '^':
op1=pop(&top,s);
op2=pop(&top,s);
strcpy(postfix,op1);
strcat(postfix,op2);
strcat(postfix,temp);
push(postfix,&top,s);
break;
default:
push(temp,&top,s);
}
}
void main()
{
char prefix[20];
char postfix[20];
printf("\n\n Enter the prefix expression \n\n");
scanf("%s",prefix);
pre_post(prefix,postfix);
printf("\n\n The postfix expression is %s \n\n",postfix);
}
2. PROGRAM TO REVERSE AN INPUT STRING
#include<stdio.h>
#include<string.h>
#define STACK_SIZE 20
void push(char item,int *top,char s[])
{
if (*top==STACK_SIZE-1)
{
printf("\n stack overflow\n");
return;
}
s[++(*top)]=item;
}
char pop(int *top,char s[])

{
char item_deleted;
if (*top==-1)
{
2
1
return 0;
}
item_deleted=s[(*top)--];
return item_deleted;
}
int is_rev(char str[])

{
int i;
int top=-1;
char s[30] ;
char stk_item=0;
for(i=0;i<strlen(str);i++)
{
push (str[i],&top,s);
}
printf("\n The reversed string is:");
for(i=0;i<strlen(str);i++)
{
stk_item= pop (&top,s);
printf("%c",stk_item);
}
getch();
}
void main()
{
char str[20];
clrscr();
printf("\n Enter the string to be reversed\n");
scanf("%s",str);
is_rev(str);
}
SESSION-6: TREES & BINARY TREES
1. PROGRAM FOR THE CREATION OF BINARY TREE, PROVIDE INSERTION& DELETION.
#include<stdio.h>
#include<conio.h>
#include<alloc.h>
struct node
{
int data;
struct node *left,*right;
};
struct node *root;
void insert(int x)
{
struct node *p,*previous,*current;
p=(struct node *)malloc(sizeof(struct node));
if(p==NULL)
{
printf("\n Out of memory");
}
2
2
p->data=x;
p->left=NULL;
p->right=NULL;
if(root=NULL)
{
root=p;
return;
}
previous=NULL;
current=root;
while(current!=NULL)
{
previous=current;
if(p->data<current->data)
current=current->left;
else
current=current->right;
}
if(p->data<previous->data)
previous->left=p;
else
previous->right=p;
}
void inorder(struct node *t)
{
if (t!=NULL)
{
inorder(t->left);
printf("\n %5d",t->data);
inorder (t->right);
}
}
void del(int x)
{
int tright=0,tleft=0;
struct node *ptr=root;
struct node *parent=root;
struct node *t1=root;
struct node *temp=root;
while(ptr!=NULL&& ptr->data!=x)
{
parent=ptr;
if (x<ptr->data)
ptr=ptr->left;
else
ptr=ptr->right;
}
if (ptr==NULL)
{
printf("\n Delete element not found");
return ;
}
else if(t1->data==x && (t1->left ==NULL || t1->right==NULL))
if(t1->left==NULL)
t1=t1->right;
else
2
3
t1=t1->left;
else if (ptr->left==NULL)
if (x<parent->data)
parent->left=ptr->right;
else
parent->right=ptr->right;
else if (ptr->right==NULL)
if (x<parent->data)
parent->left=ptr->left;
else
parent->right=ptr->left;
else
{
temp=ptr;
parent=ptr;
if((ptr->left)>=(ptr->right))
{
ptr=ptr->left;
while(ptr->right!=NULL)
{
tright=1;
parent=ptr;
ptr=ptr->right;
}
temp->data=ptr->data;
if(tright)
parent->right=ptr->left;
else
parent->left=ptr->left;
}
else
{
ptr=ptr->right;
while (ptr->left!=NULL)
{
tleft=1;
parent=ptr;
ptr=ptr->left;
}
temp->data=ptr->data;
if(tleft)
parent->left=ptr->right;
else
parent->right=ptr->right;
}
free(ptr);
}
}
void main()
{
int op,n,srchno;
root=(struct node *)malloc(sizeof(struct node));
root->data=30;
root->right=root->left=NULL;
2
4
clrscr();
do
{
printf("\n 1.Insertion");
printf("\n 2.Deletion");
printf("\n 3.Inorder");
printf("\n 4.Quit");
scanf("%d",&op);
switch (op)
{
case 1: printf("\n Enter the element to insert\n");
scanf("%d",&n);
insert(n);
break;
case 2: printf("\n Enter the element to be deleted\n");
scanf("%d",&srchno);
del(srchno);
break;
case 3: printf("\n The inorder elements are\n");
inorder(root);
getch();
break;
default: exit(0);
}
}while(op<4);
getch();
2. PROGRAM FOR PRE-ORDER,POST-ORDER & IN-ORDER TRAVERSALS OF A BINARY

TREE.
#include<stdio.h>
#include<conio.h>
#include<alloc.h>
struct node
{
int data;
struct node *left,*right;
};
struct node *root;
void ins(struct node *n,int val,int opt)

{
struct node *t;
t=(struct node *)malloc(sizeof(struct node));
t->data=val;
t->right=t->left=NULL;
if (opt==1)
n->left=t;
else
n->right=t;
printf("\n %d is inserted",val);
2
5
if (opt==1)
{
printf("\tat the left\n");
getch();
}
else
{
printf("\tat the right\n");
getch();
}
}
void inser(struct node *t,int x)

{
if (t->data >x)
if (t->left==NULL)
ins(t,x,1);
else
inser(t->left,x);
else if (t->data < x)
if (t->right==NULL)
ins(t,x,2);
else
inser(t->right,x);
else
printf("\n Element is already present in the list\n");
}
void inorder(struct node *p)

{
if (p!=NULL)
{
inorder(p->left);
printf("\n %5d",p->data);
inorder (p->right);
}
}
void preorder(struct node *p)

{
if (p!=NULL)
{
preorder(p->left);
preorder (p->right);
}
}
void postorder(struct node *p)

{
if (p!=NULL)
{
preorder(p->left);
preorder (p->right);
}
2
6
}
void main()
{
int op,n;
root=(struct node *)malloc(sizeof(struct node));
root->data=30;
root->right=root->left=NULL;
clrscr();
do
{
printf("\n 1.Insertion");
printf("\n 2.Preorder");
printf("\n 3.Inorder");
printf("\n 4.Postorder");
printf("\n 5.Quit");
scanf("%d",&op);
switch (op)
{
case 1: printf("\n Enter the element to insert\n");
scanf("%d",&n);
inser(root,n);
break;
case 2: printf("\n The preorder elements are\n");
preorder(root);
getch();
break;
case 3: printf("\n The inorder elements are\n");
inorder(root);
getch();
break;
case 4: printf("\n The postorder elements are\n");

postorder(root);
getch();
break;
default: exit(0);
}
}while(op<5);
getch();
SESSION-9: SEARCHING & SORTING
1. PROGRAM TO IMPLEMENT LINEAR SEARCH USING POINTERS.
#include<stdio.h>
void main()
{
int *a[100],i,no,*srchno;
clrscr();
printf("\n Enter the number of elements\n");
2
7
scanf("%d",&no);
printf("\n Enter %d numbers\n",no);
for(i=0;i<no;++i)
scanf("%d",&a[i]);
printf("Enter the search number\n");
for(i=0;i<no;++i)
if(srchno==a[i])
{
printf("\n search number is present");
exit(0);
}
printf("\n Search number is not present");
}
2. PROGRAM TO IMPLEMENT BINARY SEARCH USING POINTERS.
#include<stdio.h>
void main()
{
int *a[100],i,no,*srchno,top,bottom,mid,j,*temp;
clrscr();
scanf("%d",&no);
for(i=0;i<no;++i)
scanf("%d",&a[i]);
printf("Enter the search number\n");
for(i=0;i<no-1;++i)
for(j=i+1;j<no;++j)
if(a[i]>a[j])
{
temp=a[i];
a[i]=a[j];
a[j]=temp;
}
printf("\n Sorted array in ascending order\n");
for(i=0;i<no;++i)
printf("%5d",a[i]);
bottom=0;
top=no-1;
while(top!=bottom+1)
{
mid=(bottom+top)/2;
if (a[mid]<=srchno)
bottom=mid;
else
top=mid;
}
if(a[bottom]==srchno)
printf("\n search number is present");
else
printf("\n Search number is not present");
}
2
8
3. PROGRAM TO IMPLEMENT QUICK SORT USING POINTERS.
#include<stdio.h>
int *x[100],no,i;
void display();
void sort();
void main()
{
clrscr();
scanf("%d",&no);
for(i=0;i<no;++i)
scanf("%d",&x[i]);
sort(0,no-1);
display();
}
void display ()
{
printf("\n Sorted elements are:\n");
for(i=0;i<no;++i)
printf("%5d",x[i]);
getch();
}
void sort(int first,int last)

{
int *temp,*pivot,i,j;
if (first<last)
{
pivot=x[first];
i=first;
j=last;
while(i<j)
{
while(x[i]<=pivot && i<last)
i++;
while(x[j]>=pivot && j>first)
j--;
if(i<j)
{
temp=x[i];
x[i]=x[j];
x[j]=temp;
}
}
temp=x[first];
x[first]=x[j];
2
9
x[j]=temp;
sort(first,j-1);
sort(j+1,last);
}
}
4. PROGRAM TO IMPLEMENT HEAP SORT USING POINTERS.
#include<stdio.h>
int *x[100],no,i;
void buildheap();
void sort();
void main()
{
clrscr();
scanf("%d",&no);
for(i=1;i<=no;++i)
scanf("%d",&x[i]);
buildheap();
sort();
for(i=1;i<=no;++i)
printf("%5d",x[i]);
getch();
}
void buildheap()
{
int j,k,*temp;
for(k=2;k<no;++k)
{
i=k;
temp=x[k];
j=i/2;
while((i>1)&&(temp>x[j]))
{
x[i]=x[j];
i=j;
j=i/2;
if(j<1)j=1;
}
x[i]=temp;
}
}
void sort()
{
int *temp,*value,j,k;
for(k=no;k>=2;--k)
{
temp=x[1];
x[1]=x[k];
3
0
x[k]=temp;
i=1;
value=x[1];
j=2;
if ((j+1)<k)
if(x[j+1]>x[j])
j++;
while((j<=(k-1))&&(x[j]>value))
{
x[i]=x[j];
i=j;
j=2*i;
if ((j+1)<k)
if(x[j+1]>x[j])
j++;
else
if(j>no)
j=no;
x[i]=value;
}
}
5. PROGRAM TO IMPLEMENT 2-WAY MERGE SORT USING POINTERS.
#include<stdio.h>
int *a[100],*b[100],*c[100],i,j,k,item1,item2;
void main()
{
clrscr();
printf("\n Enter the number of elements in the first array\n");
scanf("%d",&item1);
printf("\n Enter %d numbers\n",item1);
for(i=0;i<item1;++i)
scanf("%d",&a[i]);
printf("\n Enter the number of elements in the second array\n");
scanf("%d",&item2);
printf("\n Enter %d numbers\n",item2);
scanf("%d",&b[i]);
input1();
input2();
sort();
printf("Sorted merged array is:\n");
display();
}
input1()
{
bsort(a,item1);
printf("\n Sorted first array\n");
printf("%d\n",a[i]);
}
input2()
3
1
{
bsort(b,item2);
printf("\n Sorted second array\n");
printf("%d\n",b[i]);
}
bsort(int *m[],int n)
{
int swap=1,*temp;
for(i=0;i<n && swap==1;++i)
{
swap=0;
for(j=0;j<n-(i+1);++j)
if (m[j]>m[j+1])
{
temp=m[j];
m[j]=m[j+1];
m[j+1]=temp;
swap=1;
}
}
}
display()
{
for (i=0;i<item1+item2;++i)
printf("%d\n",c[i]);
}
sort()
{
int i,j,k;
i=j=k=0;
while ((i<item1)&& (j<item2))
{
if (a[i]<b[j])
{
c[k]=a[i];
i++;
k++;
}
else
{
if (a[i]>b[j])
{
c[k]=b[j];
j++;
k++;
}
else
{
c[k]=a[i];
i++;
j++;
k++;
3
2
}
}
}
while(i<item1)
{
c[k]=a[i];
i++;
k++;
}
while(j<item2)
{
c[k]=b[j];
j++;
k++;
}
}
}
6. PROGRAM TO IMPLEMENT BUBBLE SORT USING POINTERS.
#include<stdio.h>
int *a[100],i,j,item;
void main()
{
void sort(),display();
int i;
clrscr();
printf("\n Enter the number of elements in the first array\n");
scanf("%d",&item);
printf("\n Enter %d numbers\n",item);
for(i=0;i<item;++i)
scanf("%d",&a[i]);
sort();
display();
}
void sort()
{
int swap=1,*temp;
for(i=0;i<item && swap==1;++i)
{
swap=0;
for(j=0;j<item-(i+1);++j)
if (a[j]>a[j+1])
{
temp=a[j];
a[j]=a[j+1];
a[j+1]=temp;
swap=1;
}
}
}
void display()
{
3
3
for(i=0;i<item;++i)
printf("%d\n",a[i]);
getch();
}
OPERATING SYSTEM
3
4
Session 1: Network Configuration
Exercise 1:- Run the following commands and write the use of each command:
a. Ipconfig
Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration
Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays
the IP address, subnet mask, and default gateway for all adapters.
Parameters
/all : Displays the full TCP/IP configuration for all adapters. Without this parameter, ipconfig displays
only the IP address, subnet mask, and default gateway values for each adapter. Adapters can represent
physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.
/renew [Adapter] : Renews DHCP configuration for all adapters (if an adapter is not specified) or for a
specific adapter if the Adapter parameter is included. This parameter is available only on computers with
adapters that are configured to obtain an IP address automatically. To specify an adapter name, type the
adapter name that appears when you use ipconfig without parameters.
/release [Adapter] : Sends a DHCPRELEASE message to the DHCP server to release the current DHCP
configuration and discard the IP address configuration for either all adapters (if an adapter is not specified)
or for a specific adapter if the Adapter parameter is included. This parameter disables TCP/IP for adapters
configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that
appears when you use ipconfig without parameters.
/flushdns : Flushes and resets the contents of the DNS client resolver cache. During DNS troubleshooting,
you can use this procedure to discard negative cache entries from the cache, as well as any other entries
that have been added dynamically.
/displaydns : Displays the contents of the DNS client resolver cache, which includes both entries
preloaded from the local Hosts file and any recently obtained resource records for name queries resolved
by the computer. The DNS Client service uses this information to resolve frequently queried names
quickly, before querying its configured DNS servers.
/registerdns : Initiates manual dynamic registration for the DNS names and IP addresses that are
configured at a computer. You can use this parameter to troubleshoot a failed DNS name registration or
resolve a dynamic update problem between a client and the DNS server without rebooting the client
computer. The DNS settings in the advanced properties of the TCP/IP protocol determine which names are
registered in DNS.
3
5
/showclassid Adapter : Displays the DHCP class ID for a specified adapter. To see the DHCP class ID for
all adapters, use the asterisk (*) wildcard character in place of Adapter. This parameter is available only on
computers with adapters that are configured to obtain an IP address automatically.
/setclassid Adapter [ClassID] : Configures the DHCP class ID for a specified adapter. To set the DHCP
class ID for all adapters, use the asterisk (*) wildcard character in place of Adapter. This parameter is
available only on computers with adapters that are configured to obtain an IP address automatically. If a
DHCP class ID is not specified, the current class ID is removed.
b. Ping
Verifies IP-level connectivity to another TCP/IP computer by sending Internet Control Message Protocol
(ICMP) Echo Request messages. The receipt of corresponding Echo Reply messages are displayed, along
with round-trip times. Ping is the primary TCP/IP command used to troubleshoot connectivity,
reachability, and name resolution. Used without parameters, ping displays help.
C:\>ping example.microsoft.com
Pinging example.microsoft.com [192.168.239.132] with 32 bytes of data:
Reply from 192.168.239.132: bytes=32 time=101ms TTL=124
c. diskperf
Both Logical and Physical Disk Performance counters on this system are automatically enabled on
demand.
For legacy applications using IOCTL_DISK_PERFORMANCE to retrieve raw counters,
you can use -Y or -N to forcibly enable or disable. No reboot is required.
d. Netstat
Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP
routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6,
ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active
TCP connections.
To display both the Ethernet statistics and the statistics for all protocols, type the following command:
netstat -e -s
To display the statistics for only the TCP and UDP protocols, type the following command:
netstat -s -p tcp udp
To display active TCP connections and the process IDs every 5 seconds, type the following command:
nbtstat -o 5
To display active TCP connections and the process IDs using numerical form, type the following
command:
nbtstat -n -o
3
6
e. Pathping
Provides information about network latency and network loss at intermediate hops between a source and
destination. Pathping sends multiple Echo Request messages to each router between a source and
destination over a period of time and then computes results based on the packets returned from each router.
Because pathping displays the degree of packet loss at any given router or link, you can determine which
routers or subnets might be having network problems. Pathping performs the equivalent of the tracert
command by identifying which routers are on the path. It then sends pings periodically to all of the routers
over a specified time period and computes statistics based on the number returned from each. Used
without parameters, pathping displays help.
f. Tftp
Transfers files to and from a remote computer, typically a computer running UNIX, that is running the
Trivial File Transfer Protocol (TFTP) service or daemon. Used without parameters, tftp displays help.
g. Fc
Compares two files and displays the differences between them.
h. Nbtstat
Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local
computer and remote computers, and the NetBIOS name cache. Nbtstat allows a refresh of the NetBIOS
name cache and the names registered with Windows Internet Name Service (WINS). Used without
parameters, nbtstat displays help.
i. Rcp
Copies files between a Windows XP computer and a system running rshd, the remote shell service
(daemon). Windows XP and Windows 2000 do not provide rshd service. Used without parameters, rcp
displays help.
j. Lpr
Sends a file to a computer running Line Printer Daemon (LPD) in preparation for printing. Used without
parameters, lpr displays command-line help for the lpr command.
Syntax
Lpr [-S ServerID] -P PrinterName [-C BannerContent] [-J JobName] [{-o | -o l}] [-d] [-x] FileName
Tracert
Determines the path taken to a destination by sending Internet Control Message Protocol (ICMP) Echo
Request messages to the destination with incrementally increasing Time to Live (TTL) field values. The
path displayed is the list of near-side router interfaces of the routers in the path between a source host and
a destination. The near-side interface is the interface of the router that is closest to the sending host in the
path. Used without parameters, tracert displays help.
3
7
Nslookup
Displays information that you can use to diagnose Domain Name System (DNS) infrastructure. Before
using this tool, you should be familiar with how DNS works. The Nslookup command-line tool is
available only if you have installed the TCP/IP protocol.
Route
Displays and modifies the entries in the local IP routing table. Used without parameters, route displays
help.
Syntax
route [-f] [-p] [Command [Destination] [mask Netmask] [Gateway] [metric Metric]] [if Interface]]
Lpq
Displays the status of a print queue on a computer running Line Printer Daemon (LPD). Used without
parameters, lpq displays command-line help for the lpq command.
Syntax
lpq -S ServerName -P PrinterName [-l]
Rsh
Runs commands on remote computers running the RSH service or daemon. Windows XP and
Windows 2000 do not provide an RSH service. An RSH service called Rshsvc.exe is provided with the
Windows 2000 Server Resource Kit. Used without parameters, rsh displays help.
Syntax
rsh [Host] [-l UserName] [-n] [Command]
Chkdsk
Creates and displays a status report for a disk based on the file system. Chkdsk also lists and corrects
errors on the disk. Used without parameters, chkdsk displays the status of the disk in the current drive.
Syntax
chkdsk [volume:][[Path] FileName] [/f] [/v] [/r] [/x] [/i] [/c] [/l[:size]]
Hostname
Displays the host name portion of the full computer name of the computer.
net account
The syntax of this command is:
NET [ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |

HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION |
SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW]
Exercise 2:
3
8
Arp
Displays and modifies entries in the Address Resolution Protocol (ARP) cache, which contains one or
more tables that are used to store IP addresses and their resolved Ethernet or Token Ring physical
addresses. There is a separate table for each Ethernet or Token Ring network adapter installed on your
computer. Used without parameters, arp displays help.
C:\Documents and Settings\sandipo>arp -a
Interface: 10.115.4.157 --- 0x10003

Internet Address Physical Address Type
10.115.4.1 00-05-5e-37-07-02 dynamic
Exercise 3:
Ipxroute
Displays and modifies information about the routing tables used by the IPX protocol. Used without
parameters, ipxroute displays the default settings for packets that are sent to unknown, broadcast, and
multicast addresses.
Syntax
ipxroute servers [/type=x]
ipxroute ripout network
ipxroute resolve {guid | name} {guid | AdapterName}
ipxroute board=n [def] [gbr] [mbr] [remove=xxxxxxxxxxxx]
ipxroute config
Parameters
servers [/type=x] : Displays the Service Access Point (SAP) table for the specified server type. x must be
an integer. For example, /type=4 displays all file servers. If you do not specify /type, ipxroute servers
displays all types of servers, listing them by server name.
ripout network : Discovers if network is reachable by consulting the IPX stack's route table and sending
out a rip request if necessary. Network is the IPX network segment number.
resolve {guid | name} {guid | AdapterName} : Resolves the name of the guid to its friendly name, or the
friendly name to its guid.
board=n : Specifies the network adapter for which to query or set parameters.
def : Sends packets to the ALL ROUTES broadcast. If a packet is transmitted to a unique Media Access
Card (MAC) address that is not in the source routing table, ipxroute sends the packet to the SINGLE
ROUTES broadcast by default.
gbr : Sends packets to the ALL ROUTES broadcast. If a packet is transmitted to the broadcast address
(FFFFFFFFFFFF), ipxroute sends the packet to the SINGLE ROUTES broadcast by default.
mbr : Sends packets to the ALL ROUTES broadcast. If a packet is transmitted to a multicast address
(C000xxxxxxxx), ipxroute sends the packet to the SINGLE ROUTES broadcast by default.
remove=xxxxxxxxxxxx : Removes the given node address from the source routing table.
config : Displays information about all of the bindings for which IPX is configured.
3
9
Exercise 4:
With Netsh.exe you can easily view your TCP/IP settings. Type the following command in a Command
Prompt window (CMD.EXE):
netsh interface ip show config
With Netsh.exe, you can easily configure your computer's IP address and other TCP/IP related
settings. For example:
The following command configures the interface named Local Area Connection with the static IP address
192.168.0.100, the subnet mask of 255.255.255.0, and a default gateway of 192.168.0.1:
netsh interface ip set address name="Local Area Connection" static 192.168.0.100 255.255.255.0
192.168.0.1
Exercise 6:
Routing is configured on a W2K Server / Windows Server 2003 machine by use of the RRAS snap-
in. However, this console is NOT available on a W2K Pro or XP Pro machine.
If you have 2 small network segments populated with no more than a handful of computers per
segment, you CAN use a W2K Pro / XP Pro machine as a router between these segments.
First, you need to install at least 2 NICs on the machine.
Now you need to configure each NIC with the appropriate IP address for the segments that it's
connected to.
Next, you need to configure that IP as the Default Gateway for all the computers on that NIC.
For example, if you have 2 segments (we'll call them Segment A and Segment B respectively) with
the following Network IDs:
 Segment A - 192.168.0.0/24
 Segment B - 192.168.1.0/24
(/24 means 255.255.255.0 )

and on your computer you have 2 NICs (we'll call them NIC A and NIC B respectively) with the
following IP addresses:
 NIC A - 192.168.0.1
 NIC B - 192.168.1.1
Then the IP addresses of NIC A and NIC B will be the Default Gateways for segment A and B
respectively.
Next, you need to configure IP Routing between the segments. As I said, this feature is not
configurable via any GUI in W2K Pro and XP Pro, so you'll need to edit the registry:
1. In the Run command type Regedit.exe and press Enter.
4
0
2. In the registry navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
3. Select the "IPEnableRouter" entry (by default the value is 0) and change it's value to 1.
4. Close Regedit.
5. Reboot.
NETSH (Win2k &standard command in XP)
Configure interfaces, routing protocols, filters, routes, RRAS, .

Syntax
NETSH [-r router name] [-a AliasFile] [-c Context] [Command | -f ScriptFile]
Key
context may be any of:
DHCP, ip, ipx, netbeui, ras, routing,
autodhcp, dnsproxy, igmp, mib, nat, ospf, relay, rip, wins.
Under Windows XP the available contexts are:

AAAA, DHCP, DIAG, IP, RAS, ROUTING, WINS
To display a list of commands that can be used in a context, type the

context name followed by a space and a ? at the netsh> command prompt.
e.g.
netsh> routing ?
command may be any of:
/exec script_file_name
Load the script file and execute commands from it.
/offline
Set the current mode to offline.
changes made in this mode are saved, but require a "commit"
or "online" command to be set in the router.
/online
Set the current mode to online.
Changes in this mode are immediately reflected in the router.
/commit Commit any changes made in the offline mode to the router.
/popd Pop a context from the stack.
/pushd Push current context onto the stack.
/set mode [mode =] online | offline

Set the current mode to online or offline.
/abort Discard changes made in offline mode.
/add helper DLL-name

Install the helper .dll file in netsh.exe.
4
1
/delete helper .dll file name
Remove the helper .dll file from Netsh.exe.
/show alias list all defined aliases.

/show helper list all top-level helpers.
/show mode show the current mode.
/alias List all aliases.
/alias [alias_name]
Display the string value of the alias.
/alias [alias_name] [string1] [string2 ...]

Set alias_name to the specified strings.
/unalias alias_name
Delete an alias.
/dump - file name

Dump or append configuration to a text file.
/bye Exit NETSH

/exit Exit NETSH
/quit Exit NETSH
/h Display help
/help Display help
/? Display help
4
2
Session 5:-
Exercise 2: Add different users and groups. Also configure their permission.
To add a new user to the computer
When you add a user to your computer, you are allowing that individual to have access to files and
programs on your computer.
The steps to perform this task differ depending on whether your computer is a member of a network
domain or is part of a workgroup (or is a stand-alone computer).
My computer is on a domain
You must be logged on as an administrator or a member of the Administrators group in order to complete
this procedure. If your computer is connected to a network, network policy settings might also prevent you
from completing this procedure.
1. Open User Accounts in Control Panel.

2. On the Users tab, click Add.
3. Follow the instructions on the screen to add a new user.
 Add New User gives an existing domain user permission to use the computer.
 You can only add existing domain users by using User Accounts. To add a new local user, on the
Advanced tab, click the Advanced button. In Local Users and Groups, click Users, and then on
the Action menu, click New User.
 You should not add a new user to the Administrators group unless the user will perform only
administrative tasks. For more information, click Related Topics.
My computer is not on a domain

You must have a computer administrator account on the computer to add a new user to the computer.
1. Open User Accounts in Control Panel.

2. Click Create a new account.
3. Type a name for the new user account, and then click Next.
4. Click Computer administrator or Limited, depending on the type of account you want to assign
to the new user, and then click Create Account.
 The name you assign to the account is the name that will appear on the Welcome screen and the
Start menu.
 The first user you add to the computer must be assigned a computer administrator account.
To change a user's group or account type
When your computer is part of a network domain, users are assigned to user groups and are granted the
rights and permissions granted to the group. When your computer is part of a workgroup or is a stand-
alone computer, users are assigned types of user accounts and are granted the rights and permissions
associated with the user account.
4
3
The steps to perform this task differ depending on whether your computer is a member of a network
domain or is part of a workgroup (or is a stand-alone computer).
Exercise 3:- Connect and configure your computer with a Network Printer.
To add a printer attached to your computer
1. Connect the printer to the appropriate port on your computer according to the printer
manufacturer's documentation, and verify that it is ready to print.
2. Although Windows automatically detects and installs most printers, you might need to
provide additional information to complete the installation. Choose from the following,
depending on the type of printer you have.
Install a parallel port (LPT) attached printer
Install a USB or IEEE 1394 printer

universal serial bus (USB)IEEE 1394
Install an infrared printer

infrared capable devicesstatus areataskbar
3. If you could not install your printer using Plug and Play , or if the printer is attached to
your computer with a serial (COM) port, then open Printers
4. Double-click Add Printer to start the Add Printer wizard, and then click Next.
5. Click Local printer, and then click Next.

6. Follow the instructions on the screen to finish setting up the printer by selecting a printer
port, selecting the manufacturer and model of your printer, and typing a name for your
printer.
In Windows 2000 Server, the Add Printer wizard shares the printer and publishes it in
Active Directory by default, unless you select Do not share this printer in the wizard's
Printer Sharing screen. In Windows 2000 Professional, the Add Printer wizard doesn't
share the printer automatically; you need to select Share as to share and publish the
printer.
 To open Printers, click Start, point to Settings, and then click Printers.
 If you add and set up a Plug-and-Play printer (USB, IEEE 1394, LPT, Infrared, etc.), you do
not need to have administrative privileges. However, to add and set up a non Plug-and-Play
printer connected directly to your computer, you must be logged on as an administrator or a
member of the Administrators group. If your computer is connected to a network, network
policy settings may also prevent you from completing this procedure.
 If you intend to share the printer with clients other than Windows 2000, you need to install
the appropriate printer drivers for these clients on the print server. When clients on
Windows NT 4.0, Windows 95, and Windows 98 connect to the printer, the system
automatically downloads the correct driver to the client.
 When you are adding a new printer that is connected to a computer and the Add Printer
wizard prompts you to select the printer port, you normally select from the Existing list one
4
4
of the parallel (LPT) ports. For some plotters you might need to select one of the serial
(COM) ports.
 The following Group Policy settings can change the default behavior of the Windows 2000
Server Add Printer wizard:
Allow printers to be published is enabled by default; you can disable it to prevent printers
from being published.
Automatically publish new printers in the Active Directory is enabled by default; you
can disable it to prevent the Add Printer wizard from automatically publishing printers when
adding a new printer.
Display the down level page in the Add Printer wizard is enabled by default; you can
disable it to prevent the Add Printer wizard from browsing the network for shared printers.
Share your printer
To share your printer
1. Open Printers
2. Right-click the printer you want to share, and then click Sharing.
3. On the Sharing tab, click Shared as and then type a name for the shared printer
If you share the printer with users on different hardware or different operating systems,
click Additional Drivers. Click the environment and operating system for the other
computers, and then click OK to install the additional drivers
If you are logged on to a Windows 2000 domain , you can make the printer available
to other users on the domain by clicking List in the Directory to publish the printer in
the Directory.
4. Click OK, or if you have installed additional drivers, click Close.
Note
 Printers are not shared by default when you install them on Windows 2000 Professional, but
you can choose to share any printer you install on your computer. (On Windows 2000
Server, the printer is shared by default when you add the printer.)
 When you publish a printer in Active Directory , other users logged onto the
Windows 2000 domain will be able to search for the printer based on its location and
features such as how many pages it prints per minute and whether color printing is
supported.
To set or remove permissions for a printer
1. Open Printers
2. Right-click the printer for which you want to set permissions, click Properties, and then
click the Security tab.
4
5
3. Do one of the following:
 To change or remove permissions from an existing user or group, click the

name of the user or group.
 To set up permissions for a new user or group, click Add. In Name, type the
name of the user or group you want to set permissions for, click Add, and then
click OK to close the dialog box.
4. In Permissions, click Allow or Deny for each permission you want to allow or deny, if
necessary. Or, to remove the user or group from the permissions list, click Remove.
Note
 To change device settings, you must have the Manage Printers permission. For information
about printing security permissions, see Related Topics.
 To view or change the underlying permissions that make up Print, Manage Printers, and
Manage Documents, click the Advanced button.
 A printer must be shared in order for the permission settings to affect the users and groups
listed.
 You can also view the permissions assigned to you by clicking the group you belong to on
the Security tab. For information on finding out what group you belong to, see Related
Topics.
Exercise 4:- Install and configure Windows 2000 Active Directory and Domain Controller.
You can install Active Directory by selecting "Start", "Run", and typing "Dcpromo.exe" in the text box or
follow the following selections:
1. Click "Administrative Tools".

2. Select "Configure Your Server".
3. Select "Active Directory Installation Wizard".
Directory Service Client

On non Windows 2000 systems, the Directory Service Client can be installed which will allow those
systems to:
 Search the Active Directory.

 Change passwords on domain controllers.
 Use D6 shares that are fault tolerant.
Internet Explorer 4.01 or later must be installed on any system that the Directory Service Client is to be
installed on in order for the install wizard to run. To install Directory Service Client:
1. Place the Windows 2000 CD in the CDROM drive.

2. Indicate that you do not want to upgrade Windows and close the dialog box.
3. Open a DOS prompt and change drives to the drive letter of the CDROM drive,
4
6
4. Type "cd \clients\win9x" and type "dsclient".
5. Follow the wizard prompts to complete the installation.
DNS
DNS is required to use Active Directory since clients use DNS to locate Active Directory controllers.
Servers and client computers register their names and IP addresses with the DNS server. The DNS server
must support Service Resource Records (SRVs) according to RFC 2052 and dynamic update protocol
according to RFC 2136. DNS can be installed with the Active Directory server or on a separate DNS
server.
Active Directory Installation Effects
 The server becomes a domain controller.

 A new Windows 2000 domain is created.
 A new domain tree and forest is created.
In each child domain, Active Directory must be installed on the first domain controller.
Verification of Active Directory

Select "Start", "Programs", "Administrative Tools", "Active Directory Users and Computers" and click the
+ next to the domain. Highlight the domain controllers folder, and the computer Active Directory was
installed on should appear in the right pane.
Domain Controllers hold copies of the user database and authenticate users in a Windows NT and
Windows 2000 Domain structure. In Windows NT, a domain contained a single Primary Domain
Controller (PDC) and several Backup Domain Controllers (BDC). In Windows 2000 there are no official
Primary Domain Controllers, only Domain Controllers (some of which can have special attributes). We've
put together a few resources to help you manage all of your domain controllers and keep them healthy.
Windows 2000: Configure Active Directory
You can continue the configuration at this time, but you can also select to close this windows
and to configure other items on the system or to install some other software, because this window
will be shown on each new logon until you have made the configuration and selected that this
windows will NOT be displayed anymore.
4
7
You can display
this
window at any
time by
selecting in the
menu
"Configure
Your Server",
which is part of
the
"Administrative
Tools"
There are multiple possibilities to configure a server for "Active Directory", depending on
whether you have a small network with just one server or a larger network with multiple server or
even a WAN with server in multiple countries.
In this installation example below, I assume that this is the only Windows 2000 server on the
network.
If you have no special needs for the configuration, then you can simply follow the instructions
of this wizard to configure your system:
- select "This is the only server in my network"
- continue with "Next":
4
8
This selection would "automatically configure" the server with all required components:
- the Active Directory
- a DHCP-server
- a DNS-server (which is required for the Active Directory)
4
9
Before allowing this wizard to reconfigure completely my system, I requested to
"Show more details":
5
0
The wizard would define for me the IP-address for the server and the subnet for my
complete network , which I did not like: I needed to use a different IP-address.
I decided therefore to cancel this step and to follow the advise to go back to "Home"
to select the other option : "One or more servers are already running in my network" :
5
1
No more fully automated installation by a wizard:
5
2
We need now to select manually the services to be installed from the menu on the left.
Lets select "Active Directory":
5
3
You have the
possibility to
read more about the
details
of domain
controller and
on how to define
multiple
domain-controllers
in a network.
( since this example
assumes only
ONE Windows
2000 server on the
network, I will not
discuss here the
terms "Tree" and
"Forest")
Important:
the installation of
the Active Directiry
requires that at least
ONE partition
on the harddisk is
formated with
NTFS.
If you do not yet
have such a
partition, you can
cancel here the
installation of the
Active Directory,
prepare a partition
in NTFS and
then restart this
configuration.
It is up to you to
decide, which
partition to use with
NTFS.
I personally prefer
to keep the
C-drive ("system
drive") in
FAT format, so I
formatted in this
example the F-drive
in NTFS .
Continue the
installation with
5
4
"Start the Active
Direcory Wizard"
just "Next"
We are installing the

first Domain Controller
5
5
Again, we are installing a
first domain controller and
for this domain, we need to
create a new domain tree.
Example: I will call below my

domain "JHHOME.COM".
If I would now create a
second domain called:
"SUPPORT.JHHOME.COM",
it would be part of the same
domain tree as JHHOME.COM
Like in nature, trees usually

grow in a forest , and using this
comparison, we need to define
the forest for our domain tree.
In general, each new

top-level domain name
(like: JHHOME.COM)
would be a new forest.
Since this is our first domain,

we need to create a new
"forest"
for our "Domain Tree"
(which is then the only tree
in our forest).
Here is a difference compared
to
nature: one tree is just one tree
and
not a forest, but with
computers, it is
just a matter of definition)
5
6
It is now required to define
the name of the new domain.
As I was used with Windows9x

and Windows NT4 networking,
I selected the name of the
workgroup to become the new
name of my domain.
However, note already the

exact message:
"Full DNS name for new
domain".
As you are used to see with
Internet Domain names, a
network Domain should have
now a second part separated
by a dot.
5
7
To avoid problems,
I am
redefining my
domain name
to be now:
"JHHOME.COM",
which looks like an
Internet
Domain name.
(I am not sure, but if
you insist on
using no "dot-
something",
Windows
2000 will add itself
".DOM" )
It does NOT matter,

whether
this name is
registered and in
use already on the
Internet,
because you will be
using it
only on your own
network,
and as long as you
are not
registering this
domain name
as Internet Domain
name, it
will NOT be known
by the
Internet users.
5
8
While a network
with ONLY
Windows2000
systems can
work using only
DNS, any
network with
"legacy"
versions of
Windows
(WfW,
Windows95/98/ME,
Windows NT4)
requires the
use of "NetBIOS",
either
using "NetBEUI"
-protocol or
using "NetBIOS
over TCP/IP",
for which I need to
define a
NetBIOS
compatible Domain
name.
Here I can use now
the name
of the workgroup,
which I
like to change to a
domain.
5
9
You need to define
the location
for the database and
Log-file
for the Active
Directory.
(on my system, I did

not have
the 200 Mbyte free
disk capacity
on my C:- system
drive, so I was
required = forced
by the installion
wizard to store this
information
to a different drive )
Remember the
window with
the information on
the
Active Direcory
stating the
need to a partition in
NTFS ?
At this time, the

"SYSVOL"
folder must be
defined on
an NTFS Disk-
partition.
The SYSVOL folder

will be
later visible as part
of the
"Network
Neighborhood"
or "My Network
Places"
and will contain user
specific
file, and to be able
to control
the access to these
files, that
6
0
partition must be
NTFS
(since it is not
possible to use a
FAT
-partition to define
Access rights)
Active Directory is based

on
using a DNS-server.
Since I did not yet install /
configure a DNS-server,
it is now required to
install it.
Unless you are an expert

on
DNS-server setup, please
follow the
recommondation
of the wizard to let the
wizard install now the
DNS-server.
6
1
Again the question:
will you have a network
with
some "legacy" systems
(= all pre-Windows
20000,
like
Windows95/98/ME/NT4)
Let's hope, that we will

never have to use this
password
for a Restore
operation......
6
2
The summary of all the
information collected in
the
previous steps.
Selecting now "Next"

will start the installation
of the Active Direcory
and
of the DNS-server.
You may have to be patient

now
for a LONG time :
Please, just WAIT !
6
3
It will need to install DNS
You may have to insert

your
Windows2000 CD-ROM
or point
the wizard to the
installation files
on the disk (if you copied
them from
CD-ROM to an I386
folder, as it is
often done on NT-
installations)
6
4
Finished !
You need to restart !
After making the Logon, you will be shown again the window for "Configure Your Server":
6
5
the information has changed, since you did already make the basic configuration.
You can now select to NOT "Show this screen at startup".
You are now able to define Active Directory Users.
If you need to change your configuration and make the system again a Stand-alone server,
you can un-install Active Directory.
Exercise 6:
To share folders with other users on your network

1. Open My Documents in Windows Explorer. Click Start, point to All Programs, point to Accessories,
and then click Windows Explorer.
2. Click the folder you want to share.
3. Click Share this folder in File and Folder Tasks.
4. In the Properties dialog box select the radio button Share this folder to share the folder with other
users on your network, as shown in Figure 1 below.
6
6
Figure 1. Sharing a folder on a network
5. To change the name of the folder on the network, type a new name for the folder in the Share name
text box. This will not change the name of the folder on your computer.
Note The Sharing option is not available for the Documents and Settings, Program Files, and Windows
system folders. In addition, you cannot share folders in other users’ profiles.
To set, view, change, or remove file and folder permissions
1. Open Windows Explorer, and then locate the file or folder for which you want to set permissions. To
open Windows Explore click Start, point to All Programs, point to Accessories, and then click
Windows Explorer.
2. Right-click the file or folder, click Properties, and then click the Security tab as shown in Figure 2
below.
6
7
Figure 2. Setting file and folder permissions
3. To set permissions for a group or user that does not appear in the Group or user names box, click Add.
Type the name of the group or user you want to set permissions for and then click OK, as shown in
Figure 3 below.
Figure 3. Adding new group or user permissions

4. To change or remove permissions from an existing group or user, click the name of the group or user
and do one of the following, as shown in Figure 2 above:
• To allow or deny a permission, in the Permissions for...box, select the Allow or Deny check
box.
• To remove the group or user from the Group or user names box, click Remove.
Notes
6
8
• In Windows XP Professional, the Everyone group no longer includes Anonymous Logon.
• You can set file and folder permissions only on drives formatted to use NTFS.
• To change permissions you must be the owner, or have been granted permission to do so by the owner.
• Groups or users granted Full Control for a folder can delete files and subfolders within that folder
regardless of the permissions protecting the files and subfolders.
• If the check boxes under Permissions for user or group are shaded or if the Remove button is
unavailable, then the file or folder has inherited permissions from the parent folder.
• When adding a new user or group, by default, this user or group will have Read & Execute, List Folder
Contents, and Read permissions.
Exercise:-7
Installing the TCP/IP Protocol

You may have installed the TCP/IP protocol when you installed Windows 2000. To check, go to the
"Network and Dial-up Connections" Control Panel (right-click "My Network Places" and choose
"Properties") and right-click on "Local Area Connection". Choose "Properties" from the menu.
If you've previously installed TCP/IP, it will appear in the list of installed protocols. If this is the case, you
should skip to the "Configuring TCP/IP" section of this document below. If it is not in the list, you will need
to install it.
To install the TCP/IP protocol,
1. Click on the "Install" button.

2. Double-click "Protocol."
3. Double-click "TCP/IP."
4. Insert the Windows 2000 CD-ROM if prompted to do so.
6
9
Configuring TCP/IP
To configure the TCP/IP protocol, go to the Network and Dial-up Connections Control Panel (right-click
"My Network Places" and choose "Properties") and right-click on "Local Area Connection". Choose the
"Properties" from the menu. Highlight the TCP/IP entry and press the "Properties" button.
7
0
Check both the Obtain an IP address automatically and the Obtain DNS server address automatically
radio buttons. Click on the Advanced button.
STEPS 5 and 6 are extremely important.
Click on the DNS tab at the top of the screen.
7
1
Locate the check box next to Register this connection's addresses in DNS towards the bottom of the
screen. If the box is checked, uncheck it. If it is already unchecked, leave it alone.
7
2
Click OK to close this dialog box, and close the Network control panel. You will need to reboot your
computer for the changes to take effect.
Exercise 8:
The Domain Name System (DNS) is the Active Directory locator in Windows 2000. Active
Directory clients and client tools use DNS to locate domain controllers for administration and logon.
You must have a DNS server installed and configured for Active Directory and the associated client
software to function correctly. This article guides you through the required DNS configuration.
Install Microsoft DNS Server
1. Click Start, point to Settings, and then click Control Panel.

2. Double-click Add/Remove Programs.
3. Click Add and Remove Windows Components.
4. The Windows Components Wizard starts. Click Next.
5. Click Networking Services, and then click Details.
6. Click to select the Domain Name System (DNS) check box, and then click OK.
7. Click OK to start server Setup. The DNS server and tool files are copied to your computer.
8. Continue to the next step to configure the DNS server.
7
3
Configure the DNS Server Using DNS Manager
These steps guide you through configuring DNS by using the DNS Manager snap-in in Microsoft
Management Console (MMC).
1. Click Start, point to Programs, point to Administrative Tools, and then click DNS Manager.
You see two zones under your computer name: Forward Lookup Zone and Reverse Lookup
Zone.
2. The DNS Server Configuration Wizard starts. Click Next.
3. If the Wizard does not auto-start, right-click your server name object in the DNS Manager
console and choose Configure your Server.
4. Choose to add a forward lookup zone. Click Next. The new forward lookup zone must be a
primary zone so that it can accept dynamic updates. Click Primary, and then click Next.
5. The zone name must be exactly the same as your Active Directory Domain name, or, if on a
stand-alone or workgroup environment - the same as the suffix for all of the network
computers that are to register with this DNS server. Type the name of the zone, and then
click Next.
6. Accept the default name for the new zone file. Click Next.
7. Choose to add a reverse lookup zone now. Click Next.
7
4
8. Click Primary, and then click Next.
9. Type the name of the zone, and then click Next. The zone name should match the Network
ID of your local subnet. For example, if your subnet range is from 192.168.0.1 to
192.168.0.254, type 192.168.0 in the name value.
11. Click Finish to complete the Server Configuration Wizard.
After the Server Configuration Wizard is finished, DNS Manager starts. Proceed to the next step to
enable dynamic update on the zone you just added.
A caching-only DNS server reduces outgoing DNS traffic and speeds up name resolution. It receives
queries from clients, performs the queries against other name servers, caches the results, and returns those
results to the client. In this Windows 2000 Server tip, Jim Boyce tells you how to configure a caching-only
DNS forwarder.
If you want to reduce network traffic for DNS and improve DNS lookup, one solution is to create a
caching DNS forwarder on your network. A caching-only DNS server receives queries from clients,
performs the queries against other name servers, caches the results, and returns those results to the client.
It then returns subsequent queries for the specified host from the cache instead of submitting them to an
external server. This reduces outgoing DNS traffic and speeds up name resolution.
You can set up a caching-only server by configuring the DNS service with one or more forwarders, which
are upstream DNS servers to which the local DNS server will forward queries (essentially acting as a DNS
client).
7
5
You can configure the DNS service to work with forwarders either nonexclusively or exclusively. In
nonexclusive mode, the DNS server checks its cache for the host. If the lookup fails, it forwards the query
to the specified forwarder. If that query fails, the DNS server attempts to resolve the query on its own
through the root servers.
In exclusive mode, the DNS service also checks its cache. If the lookup fails, it forwards the query to the
forwarder.
If the upstream servers fail the query, the DNS server doesn't attempt resolution on its own; instead, it fails
the query to the client. A DNS server acting in exclusive mode with a forwarder is a caching-only slave.
To configure forwarding, follow these steps:
1. Open the DNS console, right-click the server, and choose Properties.
2. On the Forwarders tab, choose Enable Forwarders, and add the IP addresses of the upstream DNS
servers to which you want to forward queries.
3. If you want the DNS service to work in exclusive mode, select the Do Not Use Recursion option.
4. Click OK to apply the change.
Keep in mind that restarting the server will clear the DNS cache, so a caching-only server works best when
it's been running for an extended period of time.
Exercise 9
Starting with a Windows 2000-Based Standalone Server

This server becomes a DNS server for your network. In the first step, you assign this server a static
Internet Protocol (IP) address. DNS servers should not use dynamically assigned IP addresses because a
dynamic change of address could cause clients to lose contact with the DNS server.
Step 1: Configure TCP/IP

2. Double-click Network and Dial-up Connections.
3. Right-click Local Area Connection, and then click Properties.
4. Click Internet Protocol (TCP/IP), and then click Properties.
5. Assign this server a static IP address, subnet mask, and gateway address.
6. Click Advanced, and then click the DNS tab.
7. Click Append primary and connection specific DNS suffixes.
8. Click to select the Append parent suffixes of the primary DNS suffix check box.
9. Click to select the Register this connection's addresses in DNS check box.
Note that Windows 2000-based DNS severs should point to themselves for DNS. If this server needs to
resolve names from its Internet service provider (ISP), you should configure a forwarder. Forwarders
are discussed later in this article.
10. Click OK to close Advanced TCP/IP Settings properties.
11. Click OK to accept the changes to your TCP/IP configuration.
12. Click OK to close Local Area Connections properties.
NOTE: If you receive a warning from the DNS Caching Resolver service, click OK to dismiss the
warning. The caching resolver is trying to contact the DNS server, but you have not finished
7
6
configuring the server.
Step 2: Install Microsoft DNS Server
2. Double-click Add/Remove Programs.
3. Click Add and Remove Windows Components.
4. The Windows Components Wizard starts. Click Next.
5. Click Networking Services, and then click Details.
6. Click to select the Domain Name System (DNS) check box, and then click OK.
7. Click OK to start server Setup. The DNS server and tool files are copied to your computer.
Step 3: Configure the DNS Server Using DNS Manager
These steps guide you through configuring DNS by using the DNS Manager snap-in in Microsoft
Management Console (MMC).
1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
2. Right-click Forward lookup zones, and then click New Zone.
3. When the New Zone Wizard starts, click Next. You are then prompted for a zone type. The zone types
include:
• Active Directory-integrated: An Active Directory-integrated zone stores the DNS zone information
in Active Directory instead of in a .dns file.
• Standard primary: A standard primary zone stores the DNS zone information a .dns text file instead
of in Active Directory.
• Standard secondary: A standard secondary zone copies all of the information from its master DNS
server. A master DNS server can be an Active Directory, primary, or secondary zone that is
configured for zone transfers. Note that you cannot modify the zone data on a secondary DNS server.
All of its data is copied from its master DNS server.
4. The new forward lookup zone must be a primary or an Active Directory-integrated zone so that it can
accept dynamic updates. Click Primary, and then click Next.
5. The new zone contains the locator records for this Active Directory-based domain. The name of the zone
must be the same as the name of the Active Directory-based domain, or be a logical DNS container for
that name. For example, if the Active Directory-based domain is named "support.microsoft.com", valid
zone names are "support.microsoft.com" only.
NOTE: Experienced DNS administrators may want to create a reverse lookup zone, and are encouraged
to explore this branch of the wizard. A DNS server can resolve two basic requests: a forward lookup and
a reverse lookup. A forward lookup is more common. A forward lookup resolves a host name to an IP
address with an "A" or Host Resource record. A reverse lookup resolves an IP address to a host name
with a PTR or Pointer Resource record. If you have your reverse DNS zones configured, you can
automatically create associated reverse records when you create your original forward record. For
additional information about reverse DNS configuration, click the following article number to view the
article in the Microsoft Knowledge Base:
174419 How to configure a subnetted reverse lookup zone on Windows NT, Windows 2000, or Windows
Server 2003
A Windows 2000-based DNS server follows specific steps in its name-resolution process. A DNS server
first queries its cache, then it checks its zone records, then it sends requests to forwarders, and finally it
tries resolution by using root servers.
By default, a Microsoft DNS server connects to the Internet to further process DNS requests with root
hints. When you use the Dcpromo tool to promote a server to a domain controller, the domain controller
requires DNS. If you install DNS during the promotion process, you get a root zone. This root zone
indicates to your DNS server that it is a root Internet server. Therefore, your DNS server does not use
forwarders or root hints in the name-resolution process.
7
7
To Remove the Root DNS Zone
1. In DNS Manager, expand the DNS Server object. Expand the Forward Lookup Zones folder.
2. Right-click the "." zone, and then click Delete.
Windows 2000 can take advantage of DNS forwarders. This feature forwards DNS requests to
external servers. If a DNS server cannot find a resource record in its zones, it can send the request to
another DNS server for additional attempts at resolution. A common scenario might be to configure
forwarders to your ISP's DNS servers.
To Configure Forwarders
1. In DNS Manager, right-click the DNS Server object, and then click Properties.
2. Click the Forwarders tab.
3. Click to select the Enable Forwarders check box.
4. In the IP address box, type the first DNS server to which you want to forward, and then click Add.
5. Repeat step 4 until you have added all the DNS servers to which you want to forward.
To Configure Root Hints
Windows includes the ability to use root hints. The Root Hints resource records can be stored in either
Active Directory or text files (%SystemRoot%\System32\DNS\Cache.dns files). Windows uses the
standard InterNIC root server. Also, when a Windows 2000-based server queries a root server, it updates
itself with the most recent list of root servers.
1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
2. In the DNS Management console, right-click the server name, and then click Properties.
3. Click the Root Hints tab. Your DNS server's root servers are listed on this tab.
If the Root Hints tab is unavailable, your server is still configured as a root server. See the "To Remove
the Root DNS Zone" section in this article. You may need to use custom root hints that are different from
the default. However, a configuration that points to the same server for root hints is always incorrect.
You should not modify your root hints. If your root hints are incorrect and need to be replaced, see the
following Microsoft Knowledge Base article:
249868 Replacing root hints with the Cache.dns file

To Configure DNS Behind a Firewall
Proxy and Network Address Translation (NAT) devices can restrict access to ports. DNS uses UDP and
TCP port 53. The DNS Service Management console also uses remote procedure call (RPC). RPC uses
port 135. These are potential issues that could arise when you configure DNS and firewalls.
Session 6:-
Exercise 4: Install and Configure the DHCP Server Service
Installing the DHCP Service

You can install DHCP either during or after the initial installation of Windows 2000 Server or Advanced
Server, although there must be a working DNS in the environment. To validate your DNS server, click
Start, click Run, type cmd, press ENTER, type ping friendly name of an existing DNS server in your
environment, and then press ENTER. An unsuccessful reply generates an "Unknown Host My DNS server
name" message.
7
8
To install the DHCP Service on an existing Windows 2000 Server:
1. Click Start, click Settings, and then click Control Panel.
2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.
3. In the Windows Component Wizard, click Networking Services in the Components box, and then
click Details.
4. Click to select the Dynamic Host Configuration Protocol (DHCP) check box if it is not already
selected, and then click OK.
5. In the Windows Components Wizard, click Next to start Windows 2000 Setup. Insert the Windows
2000 Advanced Server CD-ROM into the CD-ROM drive if you are prompted to do so. Setup copies the
DHCP server and tool files to your computer.
6. When Setup is complete, click Finish.
Configuring the DHCP Service

After you install and start the DHCP service, you must create a scope (a range of valid IP addresses that
are available for lease to the DHCP clients). Each DHCP server in your environment should have at least
one scope that does not overlap with any other DHCP server scope in your environment. In Windows
2000, DHCP servers within an Active Directory domain environment must be authorized to prevent rogue
DHCP servers from coming online and authorizing a DHCP Server.
When you install and configure the DHCP service on a domain controller, the server is typically
authorized the first time that you add the server to the DHCP console. However, when you install and
configure the DHCP service on a member server, you need to authorize the DHCP server.
Note A stand-alone DHCP server cannot be authorized against an existing Windows Active Directory.
To authorize a DHCP server:

1. Click Start, click Programs, click Administrative Tools, and then click DHCP.
Note You must be logged on to the server with an account that is a member of the Enterprise
Administrators group.
2. In the console tree of the DHCP snap-in, select the new DHCP server. If there is a red arrow in the
bottom-right corner of the server object, the server has not yet been authorized.
3. Right-click the server, and then click Authorize.
4. After a few moments, right-click the server again and then click Refresh. The server should display a
green arrow in the bottom-right corner to indicate that the server has been authorized.
To create a new scope:
1. Click Start, click Programs, point to Administrative Tools, and then click DHCP.
Note In the console tree, select the DHCP server on which you want to create the new DHCP scope.
2. Right-click the server, and then click New Scope. In the New Scope Wizard, click Next, and then type a
name and description for the scope. This can be any name that you choose, but it should be descriptive
enough to identify the purpose of the scope on your network. For example, you might use Administration
Building Client Addresses.
3. Type the range of addresses that can be leased as part of this scope, for example, a starting IP address of
192.168.100.1 to an ending address of 192.168.100.100. Because these addresses are given to clients,
they should all be valid addresses for your network and not currently in use. If you want to use a different
subnet mask, type the new subnet mask. Click Next.
4. Type any IP addresses that you want to exclude from the range you entered. This includes any addresses
that may have already been statically assigned to various computers in your organization. Click Next.
5. Type the number of days, hours, and minutes before an IP address lease from this scope expires. This
determines the length of time that a client can hold a leased address without renewing it. Click Next to
7
9
select Yes, I want to configure these options now, and then extend the wizard to include settings for the
most common DHCP options. Click Next.
6. Type the IP address for the default gateway that should be used by clients that obtain an IP address from
this scope. Click Add to place the default gateway address into the list, and then click Next.
Note When DNS servers already exist on your network, type your organization's domain name in Parent
domain. Type the name of your DNS server, and then click Resolve to ensure that your DHCP server
can contact the DNS server and determine its address. Then click Add to include that server in the list of
DNS servers that are assigned to the DHCP clients. Click Next.
7. Click Yes, I want to activate this scope now, to activate the scope and allow clients to obtain leases
from it, and then click Next. Click Finish.
Troubleshooting
• Clients are unable to obtain an IP address
If a DHCP client does not have a configured IP address, it generally means that the client has not been
able to contact a DHCP server. This is either because of a network problem or because the DHCP server
is unavailable. If the DHCP server has started and other clients have been able to obtain a valid address,
verify that the client has a valid network connection and that all related client hardware devices
(including cables and network adapters) are working properly.
• The DHCP server is unavailable
When a DHCP server does not provide leased addresses to clients, it is often because the DHCP service
has failed to start. If this is the case, the server may not have been authorized to operate on the network.
If you were previously able to start the DHCP service, but it has since stopped, use Event Viewer to
check the system log for any entries that may explain the cause.
Note To restart the DHCP service, click Start, click Run, type cmd, and then press ENTER. Type net
start dhcpserver, and then press ENTER.
Exercise 5
To install WINS, DNS, DHCP, and the other networking options that are included in Windows 2000, use
the following steps:
1. Click Start, point to Settings, click Control Panel, and then double-click Add/Remove Programs.
2. Click Add/Remove Windows Components.
3. In the Windows Components Wizard, click Networking Services, and then click Details. You can add or
remove networking services components in this window.
Exercise 6:-
Windows 2000 VPN client
Configuration
1) Double click on My Computer.

2) Double click on Control Panel. Once the Control Panel window is opened, double click on the
Network and Dial-Up Connections icon.
3) Once the Dial-Up Connections window opens, double click Make New Connection. The Connection
Wizard is launched.
8
0
4) Advance to the next window of options by clicking Next. Select the third option: Connect to a private
network through the Internet.
5) Select Do not dial the initial connection then click Next.
8
1
6) Type in the VPN server address: "inside.mcgill.ca".
7) Optional: make this available under your log-in only or for everyone. Click Next.
8
2
8) Assign a name ("McGill VPN") to the connection and click Finish.
Connecting
1) If you are running Firewall software, please note that to connect to VPN you must open TCP port #1723
for PPTP.
2) Next, connect to your ISP as you normally would.
3) After you have established a connection to the Internet, to connect to the VPN server, double click on
the VPN icon located on your desktop.
8
3
4) Enter your username and password and click the Connect button.
User name: firstname.lastname
Password: DAS password
5) You will see a Connection Established window once you have successfully connected to VPN.
Exercise 7
Microsoft DFS (Distributed file system) Windows NT/Windows 2000 includes Microsoft's new
hierarchical distributed file system. DFS is a true distributed file system that lets administrators create
custom hierarchical trees that group file resources from anywhere in the organization.
Microsoft DFS is designed to make it easier to access files on networks. It provides a way to unite files on
different computers under a single name space. To the user, files appear as if they are in one location,
rather than on separate computers. A hierarchical tree provides a view of these files, and users can "drill
down" through the tree to find just the information they are looking for.
The user does not need to know or care about the physical location of the file, only where it is located in
the hierarchical view. That means that users no longer search for files by opening file servers and disk
drives, and looking through a separate directory structure on each. Instead, users look through a logical
directory that places shared information in a place that makes more sense to users and administrators alike.
With DFS, an administrator does up-front work to logically organize information, so users don't have
trouble finding it later on.
As an analogy, think of a city library system in which the book catalog at each library lists all the books
available at libraries throughout the city. You can order any book and it will be delivered from its current
location. The important point is that there is one library catalog system that provides a list of all the books
available, no matter what their physical location. DFS provides a single "catalog" view of files on your
network, no matter where those files are located.
Some of the benefits of DFS are outlined here:
 In Windows 2000, DFS takes advantage of the Active Directory. The DFS tree topology is
automatically published to the Active Directory, resulting in fault tolerance for the DFS root.
 Users can access information with DFS's hierarchical view of network resources. Administrators
can create custom views to make file access easier for users.
 Volumes consist of individual shares, and those shares can be at many different locations. A share
can be taken offline without affecting the rest of the volume. The volumes that you add to a DFS
root are the leaves or branch nodes that represent shared network directories.
 User access to DFS volumes is controlled with standard Windows NT/Windows 2000 security,
such as group access rights.
 To ensure that critical data is always available, administrators can set up alternate locations for
accessing data by simply including the alternate locations under the same logical DFS name.
Client software automatically chooses to use data on a server that is closest to the user. If one of
the locations goes down, another location is automatically selected.
 Response time can be improved by load balancing the system. Often-accessed files can be stored
in multiple locations, and the system will automatically distribute requests across the drives to
balance traffic during peak usage periods.
 Users don't need to know about the physical location of files. Administrators can physically move
files to other drives; but to the user, the files still appear under the same location in the
hierarchical tree.
8
4
 Client access to shares is cached to improve performance. The first time a user accesses a
published directory, the information is cached and used for future references.
 DFS simplifies enterprise backups. Since a DFS tree can be built to cover an entire enterprise, the
backup software can back up this single "tree," no matter how many servers/shares are part of the
tree. The tree can include Windows 95 and Windows NT/Windows 2000 desktops as well.
 A graphical administration tool makes it easy to configure volumes, DFS links, and remote DFS
roots.
DFS fits into an organization's Internet and intranet strategy. The Web page of individual departments or
even users can be included within the directory tree. DFS can also hold HTML links; so, if linked pages
are moved to a different physical location, all links pointing to the pages will not have to be reconfigured.
DFS Volumes
A DFS volume starts out by being hosted by a specific computer. There may be many individual DFS
volumes available on a network, and each will have its own distinct name. Windows NT/Windows 2000
servers are currently the only systems that can host DFS volumes. An organization might have a master
DFS volume that contains links to other DFS volumes at the department or division level. Another volume
might tie together shares that are common in each department, such as public documents.
In the DFS volume name shown here, the hosting computer name is Server_Name:
\\Server_Name\DFS Share Name\path\name
Like a local file system, a DFS volume has a root that is its starting point. This is represented by
DFS_Share_Name. The reference to path\name can be any valid pathname.
Exercise 8:-
The Microsoft Certificate Server (MCS) enables you to install the Certificate Server service as either its
own Root Certificate Authority (Root CA) or as a service that will use an external (public) Certificate
Authority (non-Root CA). These two configurations require very different configuration processes, and are
mutually exclusive. Your Certificate Server can be either a Root CA or a non-Root CA, but not both.
Before you install the MCS on your server, you need to evaluate how you are going to use it. For example,
if your use of the MCS is to provide your corporate intranet users with secure communications, then you
would want to install the MCS as a Root CA, and issue your own self-signed certificates to your servers
and users.
However, if you intend to use the MCS on your Internet server to provide your Internet users with secure
communications so they can safely provide confidential purchasing information (such as credit card
numbers), then you would want to install the MCS as a non-Root CA and obtain a validating certificate
from an external CA such as VeriSign.
Because of the differences between installing the MCS for external (non-Root CA) and internal (Root-CA)
use, we have described each of these uses separately later in this chapter, following the section on
installation.
To install the Microsoft Certificate Server, you must install the Windows NT 4.0 Option Pack using the
Custom option, and select the Certificate Server for installation. You have two distinct options for
installing Certificate Server:
8
5
 Installing MCS as a stand-alone Certificate Authority by specifying it as the Root CA (commonly
used for intranet implementations)
 Installing MCS to use a public Certificate Authority hierarchy by specifying it as a non-Root CA
(commonly used for Internet servers)
This selection is significant in determining where the certificates supplied by MCS derive their validation
(from your enterprise or from a public agency verifying your identity). This important option is selected in
step 2 in the following list.
Note: Certificate Server cannot be installed on a Windows NT Server that is a Backup Domain Controller
(BDC). The Certificate Server must either be installed on a Primary Domain Controller (PDC) or a stand-
alone Server.
During the installation of the Windows NT 4.0 Option Pack, you are prompted with several dialog boxes
to configure the Certificate Server settings.
The following list walks you through the dialog boxes used in installing Certificate Server:
1. Following the installation dialog boxes for SMTP, NNTP, and MSMQ (if selected), the Windows
NT 4.0 Option Pack installation process switches to installing the Certificate Server, and you are
prompted with several dialog boxes to configure Certificate Server settings.
You must set the following options in the Microsoft Certificate Server Setup dialog box:
 The Configuration Data Storage Location must be set to a local directory that is shared
on the network, so users can access and install certificates. The local pathname for this
shared directory must be specified in full, including the drive letter (for example,
D:\CertFile).
 The Database Location folder defaults to the %systemroot%\system32\ CertLog
directory, but it can be modified by clicking Browse and selecting a different directory.
 The Log Location folder also defaults to the %systemroot%\system32\ CertLog
directory, and may be changed by clicking Browse and selecting a different directory.
 The Show Advanced Configuration checkbox, by default, is not selected, and the
defaults for MCS specify that it will install as a Root CA. This default is acceptable only
if you are going to use the MCS as a Root CA on your intranet. If you want to employ
this installation of MCS on an Internet server, you will likely want to setup MCS as a
non-Root CA and obtain a server certificate from a public CA source (such as VeriSign).
Note: This option is very important in the installation of MCS, because you cannot change from a Root CA
to a non-Root CA without reinstalling.
The Show Advanced Configuration checkbox enables you to set up MCS as a non-Root CA or to modify
any other Advanced option. If you want to configure MCS as a non-Root CA, in its subsequent dialog box
select the Non-Root CA option.
Once you have selected the desired directories and enabled the Show Advanced Configuration option (if
needed), click Next to continue.
2. If the Show Advanced Configuration checkbox is checked, the next dialog box, shown in Figure
17-2, will request you to set MCS as a Root or non-Root CA, as well as select a Cryptographic
Services Provider (CSP) and a hash algorithm. In this version of Certificate Server, the Microsoft
8
6
Base Cryptographic Provider is the only CSP option available, and the MD5 hashing algorithm is
selected by default.
Note: As indicated by the README.TXT for Service Pack 4, do not use the HMAC hashing algorithm, or
the MCS installation will fail.
This dialog box offers the following options:
 A checkbox enabling you to use existing keys (not selected by default). This option is
useful when restoring Certificate Server or when you want to use keys generated by
other applications. When the Use Existing Keys option is enabled, the remaining options
in the bottom half of the dialog boxes are disabled.
 A checkbox option to remove existing certificate information, which is not selected by
default. To remove existing certificate data, click the checkbox next to Erase all previous
configuration information.
 This Certificate Server installation will be automatically set as the default Certificate
Server. To allow a different Certificate Server to be
the default, clear the checkbox next to Make this Certificate Server the default.
 The Certificate Authority Hierarchy is specified in this dialog box, and by default
assigns the selected CSP Root Certificate Authority that creates a root certificate for the
Certificate Authority. When the Root CA option is selected, the Certificate Server
Configuration Wizard creates a public/private pair of keys and a self-signed root
(signature) and key exchange certificates for your newly created Root CA.
 If Non-Root CA is selected, a Root CA certificate is not generated, and only a CA
certificate request file is created. The non-Root CA must be selected if you want to use a
public CA certificate on this server for Internet applications.
Note: This non-Root CA certificate request file must be submitted to a CA (such as VeriSign or MCS) in
order to generate a certificate. This externally validated non-Root CA certificate would be used in a CA
hierarchy, though only limited support for CA hierarchies (for use with Exchange) is included in this
version of MCS. Full support for CA hierarchies is planned for the Windows 2000 version of MCS. This
certificate request file is not a server certificate request file, and does not contain a Common Name (that is,
DNS name) value required for valid server certificates. You should use Key Manager to create a server
certificate request file after you have completed the installation.
Once you have selected the desired options, click Next to continue.
3. In the next Certificate Server dialog box, asked to provide the Certificate Authority name,
organization, organizational unit, locality, state, country, and description for this Certificate
Authority. Fill in the information for your enterprise and click Next to continue.
4. Upon completion of the identifying information, the Configuration Wizard does one of two
things, depending upon the type of CA that was selected.
If a Root CA was selected, the Configuration Wizard creates the root (signature) and key
exchange certificates for your newly created Root CA. The keys, certificates, and configuration
data are handled in the following manner:
 The keys are stored in the local machine’s key repository, and configuration information
is written to the registry.
 The certificates will be stored in the Configuration Data Storage Location specified in
the first Certificate Server installation dialog box. You will be able to use these
certificates for server and client authentication in support of SSL sessions for your Web
sites.
 The newly created CA certificate will be added to the Certificate Authority Certificate
List Web page, which enables clients to install a CA certificate via their Web browser.
8
7
This process is discussed in the “Installing a CA Certificate on the Client” section later
in this chapter.
 The Certificate Server configuration file is written to the Configuration Data Storage
Location in a text file called CertSrv.txt.
This CA requires that both IPSec peers transact with a Registration Authority (RA), which then forwards
the requests through to the CA. Both the remote IPSec peer and the local IPSec peer must be configured
with the both the CA and RA public keys. The CA and RA public keys are signature and encryption key
pairs, which must be generated and enrolled for authentication to occur.
Session 7:-
Exercise 3:- Install the routing and remote access services for IP Routing.
You can install Routing and Remote Access Service by downloading the installation files from the
Microsoft web site to your computer.
You can download the Routing and Remote Access Service files to a client or workstation computer, but
Routing and Remote Access Service can only be installed on a computer that runs Windows NT Server
version 4.0. To install Routing and Remote Access Service on another computer, see the procedure
"Installing Routing and Remote Access Service by Using a Network Connection to the Setup Files" in this
chapter.
Note Routing and Remote Access Service running on Windows NT Server version 4.0 is also referred to
as the Windows NT router.
Preparing Your System

Before you can install Routing and Remote Access Service, you must have a computer running Windows
NT Server version 4.0 with Service Pack 3 or later installed.
You must remove any previous versions of the Remote Access Service (RAS) and MultiProtocol Routing
(MPR) version 1 (the RIP for IP, RIP for IPX, and DHCP Relay Agent services) on that computer. You
must pause the SNMP Service on your Windows NT Server computer before installing Routing and
Remote Access Service.
Caution By removing RAS and MPR version 1, you erase your current Remote Access Service and MPR
version 1 configurations.
To remove a service
1. Double-click Network in Control Panel.
2. Click the Services tab.
3. Click the service you want to remove, and then click Remove.
The Routing and Remote Access Service installation program prompts you to remove RAS and pause the
SNMP Service if it detects that you are running them.
If you do not already have the services and protocols shown in Table 2.1 and you plan to use them, you
should install them prior to installing Routing and Remote Access Service.
Table 2.1 Services and Protocols to Install Before Routing and Remote Access Service
8
8
If you want Install this service or protocol
IP routing TCP/IP protocol
IPX routing NWLink IPX/SPX–compatible transport
SNMP management SNMP Service
Installing Media
Before you install Routing and Remote Access Service, install all the hardware on your computer that you
will need for a router. This includes modems, ISDN devices, or other remote access devices for remote
access connectivity, as well as network adapters for network connectivity. Use the manufacturer's
instructions to install these devices on your computer.
Note Installing LAN and WAN hardware prior to installing Routing and Remote Access Service is
recommended. You do not need to reinstall Routing and Remote Access Service if you change or add
hardware.
You should also install the Windows NT drivers for the network adapters before installing Routing and
Remote Access Service.
To install network adapter drivers

1. In Network in Control Panel, click the Adapters tab.
2. Click Add.
3. In the Select Network Adapter dialog box, select the driver for your network adapter from the list. If
your network adapter is not on the list, click Have Disk and supply a disk with a Windows NT driver
from the manufacturer.
After you install Routing and Remote Access Service, you must add the remote access devices to the
Routing and Remote Access Service.
To add remote access devices

1. In Network in Control Panel, select Routing and Remote Access Service from the Services
tab.
2. Click Properties.
3. In the Remote Access Setup dialog box, click Add.
System Requirements
Table 2.2 describes the system requirements for Routing and Remote Access Service.
Table 2.2 System Requirements for Routing and Remote Access Service
Category Requirement
Hardware A 32-bit x86-based microprocessor (such as Intel 80486/50 or higher), Intel Pentium, or
supported RISC-based microprocessor, such as the Digital Alpha Systems
One or more network adapter cards,WAN cards, or modems
VGA or higher-resolution monitor
8
9
Category Requirement
One or more hard disks, with 40 MB minimum free disk space on the partition that will
contain the Routing and Remote Access Service system files
Operating Windows NT Server version 4.0 plus Service Pack 3 or later
System
Memory 16 MB RAM minimum
Optional Recommended: A mouse or other pointing device
components
Installing Routing and Remote Access Service

During Routing and Remote Access Service Setup, you can install the Routing and Remote Access Service
files on the same computer on which you downloaded the files, or you can download the files and then
install Routing and Remote Access Service on another computer.
To set up Routing and Remote Access Service by downloading from the Web, see "Downloading and
Installing Routing and Remote Access Service from the Web."
To set up Routing and Remote Access Service on another computer, see "Installing Routing and Remote
Access Service by Using a Network Connection to the Setup Files."
Downloading and Installing Routing and Remote Access Service from the Web
To download and install Routing and Remote Access Service from the Web, you need to follow the
steps outlined in the following sections:
• Download the Routing and Remote Access Service files
• Install Routing and Remote Access Service options
• Finish installation if you install a RAS Server
Download the Routing and Remote Access Service Files

1. In your Web browser, go to Routing and Remote Access Service Update for Windows NT Server 4.0 .
2. Follow the instructions on the screen to download the Routing and Remote Access Service installation
files to your computer.
Specify the path and directory where you want to put the Routing and Remote Access Service
installation files. These files are kept on your computer for future configuration or installations.
After copying the files to a directory on your computer, you can then continue Setup and install Routing
and Remote Access Service, or you can exit Setup to install Routing and Remote Access Service at a later
time or on another computer.
Note If Setup detects that you have a previous version of RAS or are running the SNMP Service, it
prompts you to delete RAS and pause the SNMP Service. If you choose to delete RAS, Setup prompts you
to restart your computer. The Setup program automatically continues when the computer restarts.
Install Routing and Remote Access Service Options

During Routing and Remote Access Service Setup the dialog box shown in Figure 2.1 appears
automatically.
9
0

Figure 2.1 Setting Routing and Remote Access Service options
You can use this dialog box to install any or all of the options described in Table 2.3. If do not install an
option, such as Remote access service, and you later want this functionality, you must run mprsetup
again to install it. For information on how to use this command, see the procedure "Run Setup" in the
section "Installing Routing and Remote Access Service by Using a Network Connection to the Setup
Files" later in this chapter.
Table 2.3 Routing and Remote Access Service Installation Options
Option Effect if selected
Remote access Installs support for client dial-up networking.
service
LAN routing Installs support for LAN-to-LAN routing (including WAN cards that support LAN
emulation).
Demand-dial Installs support for routing over WANs and dial-up media, such as ISDN and PPTP.
routing
Finish Installation If you Install a RAS Server

If you install Remote Access Service (RAS), you must configure additional Setup dialog boxes.
Additionally, you can choose to use Remote Authentication Dial-In User Service (RADIUS)
authentication instead of Windows NT authentication to authenticate remote clients.
1. In the Add RAS Device dialog box, select the remote access devices, such as modems or PPTP VPNs,
that you want to use for demand-dial routing and RAS, and click OK.
2. In the Routing and Remote Access Setup dialog box, click Network.
3. In the Network Configuration dialog box, select the network protocols (IP or IPX) you want to use
for your router.
4. If you want to use RADIUS authentication, in the Authentication provider box, click the RADIUS
option and click Configure.
You can then select and configure RADIUS servers to use as your provider.
5. In the Routing and Remote Access Setup dialog box, click Continue.
After you have finished installing Routing and Remote Access Service, the Routing and RAS Admin tool
is installed in your Start/Programs/Administrative Tools (Common) folder. Any network adapters that
you have installed automatically appear as interfaces in Routing and RAS Admin. If you plan to use
9
1
routing protocols, you must add the protocols and then add interfaces to them before you can begin to use
the Windows NT router. For more information on how to add these see Chapter 3, "Administering Routing
and Remote Access Service."
Installing Routing and Remote Access Service by Using a Network Connection to the Setup Files
You can download the files as described in "Downloading and Installing Routing and Remote Access
Service from the Web," and then install Routing and Remote Access Service on another computer.
Although you can download the Routing and Remote Access Service files to any client or workstation
computer, Routing and Remote Access Service can be installed only on a computer running Windows NT
Server.
To install Routing and Remote Access Service on another computer, you need to follow the steps
outlined in the following sections:
• Copy Setup files
• Run Setup
Copy Setup Files

Copy the file mprsetup.exe from the directory where you stored the installation files to
Systemroot\System32 on your computer running Windows NT Server.
Run Setup
1. On the computer running Windows NT Server, open a Command Prompt window.
2. Run mprsetup and type the path to the installation files.
For example, type:
mprsetup \\Computername\Share
9
2
Exercise 4:-
The "Routing and Remote Access" administrative tool is used to enable routing on a Windows 2000
server that is multihomed (has more than one network card). Windows 2000 professional cannot be a
router. The "Routing and Remote Access" administrative tool or the "route" command line utility can be
used to configure a static router and add a routing table. A routing table is required for static routing.
Dynamic routing does not require a routing table since the table is built by software. Dynamic routing does
require additional protocols to be installed on the computer. When using the "Routing and Remote Access"
tool, the following information is entered:
 Interface - Specify the network card that the route applies to which is where the packets will come
from.
 Destination - Specify the network address that the packets are going to such as 192.168.1.0.
 Network Mask - The subnet mask of the destination network.
 Gateway - The IP address of the network card on the network that is configured to forward the
packets such as 192.168.1.1.
 Metric - The number of routers that packets must pass through to reach the intended network. If
there are more than 1, the Gateway address will not match the network address of the destination
network.
Dynamic Routing
Windows 2000 Server supports Network Address Translation (NAT) and DHCP relay agent. Three
Windows 2000 supported Dynamic routing protocols are:
 Routing Information Protocol (RIP) version 2 for IP

 Open Shortest Path First (OSPF)
 Internet Group Management Protocol (IGMP) version 2 with router or proxy support.
The "Routing and Remote Access" tool is used to install, configure, and monitor these protocols and
routing functions. After any of these dynamic routing protocals are installed, they must be configured to
use one or more routing interfaces.
OSPF Terms
 Area border router - A router that interfaces to subnets in more than one OSPF area.
 Autonomous system - Routing areas that are administered by a single organization.
 Autonomous system boundary router - A router that connects an autonomous system to another
autonomous system or the internet.
 Backbone area - The main OSPF or root routing area that is connected to all other areas with an
ID of 0.0.0.0 (ID number does not reflect any IP address).
 Internal router - Router that does internal routing.
 Internal routing - Routing done in one routing area.
 Routing area - A group of IP subnets connected by links with an ID similar to an IP address that
is used to identify the area. In Active Directory, a routing area would likely be configured for
each site. Passwords are used for each routing area.
9
3
Routing Configuration Issues
 RIP - Tabs:
o On the security tab of the RIP properties dialog box there as a selection of one of:
 Accept announcements from all routers
 Accept announcements from listed routers only - A list must be created.
 Ignore announcements from all listed routers - A list must be created.
o General - Maximum delay setting controlling how long the router waits to update other
routers. Includes logging controls.
 OSPF - Property box tabs:
o Areas - In the OSPF properties dialog box (Areas tab?) select one of the following
network types:
 Broadcast - For normal local area networks.
 Point-to-point - For demand dial interfaces.
 Non-broadcast multiple access (NBMA) - For frame relay or X.25 networks.
o General - Includes logging controls along with "Router Identification field" and "Enable
Autonomous System Boundary Router" checkbox.
o Virtual Interfaces - If an OSPF area is not connected directly to the backbone area, a
virtual interface must be created to allow for it to go through one or more intermediate
networks. The virtual interface tells OSPF which router has an interface that connects to
the backbone area. The entered password must be the one required by the router with the
interface connecting to the backbone area that packets are being sent to.
o External Routing - Allow or reject external route table sources.
 Internet Group Management Protocol (IGMP) version 2 Router and Proxy is used to manage
routing of multicast network traffic.
o Routers must be configured with IGMP to use multicasting on a network. The interface
may be configured as an IGMP router or an IGMP proxy. An IGMP router will update
its table with group information and forward multicast traffic.
The "Routing and Remote Access" tool server properties dialog box contains these tabs:
 General - Can enable the computer as a router for LAN routing only or for LAN and demand
dialing. Also the computer may be enables as a Remote Access Server (RAS).
 Security - Can select Windows Authentication or RADIUS authentication for remote access and
dial on demand connections. A provider to log all sessions with the router can be selected.
Chioces are none, Windows accounting, or RADIUS accounting.
 IP - Can "Enable IP routing", and "Allow IP-based remote access and demand-dial connections".
The computer may also be configured to use a DHCP server to assign IP addresses to client
computers or to use a static IP address pool.
 PPP - Options:
o Multilink connections
o Dynamic bandwidth control using BAP or BACP
o Link control protocol (LCP) extensions
o Software compression
 Event Logging - Can enable or disable PPP logging. Other options:
o Log errors only
o Log errors and warnings
o Log the maximum amount of information
o Disable event logging
9
4
Exercise 6:-
Terminal Services provides remote computers access to Windows-based programs that are running on the
server. Microsoft Windows 2000 Server and Microsoft Windows 2000 Advanced Server includes
Terminal Services Client Software to support 16 and 32-bit Windows-based clients. In remote
administration mode, Terminal Services provides access to physically or logically distant servers. In
Application Server mode, Terminal Services provides a multisession environment for server-side
computing. This step by step article describes how to install Terminal Services using the Application
Server mode.
Installing Terminal Services

There are three components necessary to understand when you are installing and enabling the Windows
2000 Terminal Services. The following list briefly describes these components:
• Server - The computer in which nearly all of the computing resources reside that will be used in the
Terminal Services networking environment. The server will receive and process the keystrokes and
mouse movements that take place at the client computer. The server displays the desktop and running
applications within a window on the client computer.
• Messaging - This communication occurs between the server and clients by way of the Remote Desktop
Protocol (RDP). RDP is an application-layer protocol that relies on TCP/IP.
• Clients - The computer on the network from which it is possible to open a window containing a
terminal session. In this window is the remote desktop running on the server. Applications and windows
that are opened on this desktop are actually running on the server.
Enabling Terminal Services in Application Server Mode

To enable Terminal Services in Application Server mode on the domain controller, the information
technology (IT) administrator logs on to server as the administrator and performs the following
procedures.
To enable Terminal Services:

1. Click Start, point to Settings, click Control Panel, and then double-click Add/Remove Programs.
2. Click Add/Remove Windows Components to start the Windows Components Wizard. In the
Components list, to add or remove a component, click to select a check box. A shaded box indicates that
only part of the component will be installed. Select the Terminal Services check box, and then click
Next.
3. In the Windows Components Wizard with Terminal Services selected, click Details to see what is
included in the component. You will see the two following sub-components:
• Client Creator Files - Enables the creation of installation floppy disks for Terminal Services Client
computers.
• Enable Terminal Services - Enables the Terminal Services software on your computer.
4. Click Next to continue.
5. On the next screen, you are prompted to install Terminal Services to run in one of two modes:
9
5
• Remote Administration - This mode permits two Terminal Services client connections to the server.
This mode does not require licensing, but allows only members of the Administrators group to access
the server. This is an excellent choice for non-Terminal Services servers, to enable remote control-
type access to remote servers.
• Application Server - This mode permits more than two simultaneous connections by non-
administrators, but requires the Terminal Services Licensing service to be installed on a domain
controller (for which you can use any server in a workgroup environment). A Terminal Services
Client Access License is also required for non-Windows 2000 Professional clients.
NOTE: Terminal Services Licensing is a required component that licenses clients on a Terminal
server in Application Server mode. For computers that are in a Windows 2000 domain, Microsoft
recommends that you do not enable Terminal Services Licensing on the same computer with
Terminal Services.
6. In Terminal Services Setup, verify that Application Server mode is selected, and then click Next.
NOTE: In Terminal Services Setup, you may see programs listed that will not work properly when
Terminal Services is enabled. You need to reinstall these programs for multisession access by using the
Add/Remove Programs tool after you enable Terminal Services.
7. In the next screen, click the appropriate option to specify whether you want permissions to be
compatible with Windows 2000 Users or with Terminal Server 4.0 Users. Use the Permissions
compatible with Windows 2000 Users option for the most secure environment in which to run
applications.
8. In Terminal Services Licensing Setup, specify whether you want the license server to serve your entire
enterprise or your domain/workgroup, and then provide the directory location for the database. Wait for
the installation to finish, and then click Finish. In the Add/Remove Programs window, click Close.
NOTE: The required files are copied to your hard disk, and you can use server software after you restart
the computer.
Exercise -9:- Install and configure a Web Server
Below is the step-by-step guide for setting up a World Wide Web server for anonymous access in a
Windows 2000 environment.
Installing Internet Information Services

Microsoft Internet Information Services (IIS) is the Web service that is integrated with Windows 2000. To
install IIS:
2. In Control Panel, double-click Add/Remove Programs.
3. Click Add/Remove Windows Components.
4. In the Windows Components Wizard, select the Internet Information Services (IIS) check box, and
then click Details.
5. Clear all the check boxes, and then select the following check boxes:
Common Files
Documentation
FrontPage 2000 Server Extensions
Internet Information Services Snap-In
Internet Services Manager
World Wide Web Server
6. Click OK, and then on the Windows Components page, click Next. If you are prompted to do so, insert
the Windows 2000 CD-ROM, and then click OK.
7. On the "Completing the Windows Components Wizard" page, click Finish.
8. In the Add/Remove Programs dialog box, click Close.
Configuring Anonymous Authentication
9
6
1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services
Manager. (In Windows 2000 Professional, you can start Administrative Tools from Control Panel.)
2. Right-click * server name (where server name is the name of the server), and then click Properties.
3. In the Master Properties box, click WWW Service (if it is not already selected), and then click the Edit
button that is next to the Master Properties box.
4. Click the Directory Security tab.
5. Under Anonymous access and authentication control, click Edit.
6. Under Authenticated access, select the Integrated Windows authentication check box.
7. Select the Anonymous access check box, and then click Edit. Note the user account in the Username
box. This account is used by Windows to authenticate anonymous users when they browse the Web site.
8. Click OK, click OK, click OK, and then click OK.
Basic Web Site Configuration

1. Start Internet Services Manager.
2. In the Tree list, expand * server name (where server name is the name of the server).
3. Right-click Default Web Site, and then click Properties.
4. If you have multiple IP addresses assigned to your computer, click the IP address that you want to
assign to this Web site in the IP Address box.
5. If you do not want unlimited connections to the Web site, click Limited To, and then type the number
of concurrent connections that you want.
NOTE: Windows 2000 Professional is limited to 10 concurrent connections.
Each client that browses the Web site generally uses about 3 connections.
6. Click the Performance tab.
7. Move the Performance tuning slider to the position that you want.
8. If you want to limit the amount of network bandwidth that is available for connections to this Web site,
select the Enable bandwidth throttling check box, and then type the amount that you want in the
Maximum network use box.
9. If you want to limit the amount of computer processing time spent servicing requests for content on this
Web site, select the Enable process throttling check box, and then type the amount that you want in
the Maximum CPU use box.
This prevents the Web site from consuming too much processor time to the detriment of other computer
processes.
NOTE: Bandwidth throttling is not available in Windows 2000 Professional.For additional information,
click the article number below to view the article in the Microsoft Knowledge Base:
263857 Items in the ISM Are Missing or Appear Dimmed on Windows 2000 Professional
10. Click the Home Directory tab.
9
7
• If you want to use Web content that is stored on the local computer, click A directory located on
this computer, and then type the path that you want in the Local Path box. For example, the
default path is C:\Inetpub\wwwroot.
NOTE: For added security, do not create Web content folders in the root folder.
• If you want to use Web content that is stored on a different computer, click A share located on
another computer, and then type the location that you want in the Network Directory box that
appears.
• If you want to use Web content that is stored on another Web address, click A redirection to a
URL, and then type the location that you want in the Redirect to box. Under The client will be
sent to, select the appropriate check box.
11. Click the Documents tab. Note the list of documents that IIS can use as the default start documents. If
you want to use Index.html as your start document, you must add it. To do this:
a. Click Add.
b. In the Add Default Document dialog box, type Index.html, and then click OK.
c. Click the up-arrow button until Index.html is displayed at the top of the list.
12. Click the Operators tab. Note the user accounts that have operator privileges on this Web site. Click
Add to add additional user accounts to operate this Web site.
NOTE: The Operators tab is not available in Windows 2000 Professional.For additional information,
click the article number below to view the article in the Microsoft Knowledge Base:
263857 Items in the ISM Are Missing or Appear Dimmed on Windows 2000 Professional
13. Click OK to return to the Internet Information Services window.
14. Right-click Default Web Site, and then click Stop.
15. Right-click Default Web Site, and then click Start.
The server is now configured to accept incoming Web requests to the default Web site. You can replace
the content of the default Web site with the Web content that you want, or you can create a new Web site.
Session 8:- Windows 2000: Security
Exercise 1:-
You can use IP Security (IPSec) in tunnel mode to encapsulate Internet Protocol (IP) packets and
optionally encrypt them. The primary reason for using IPSec tunnel mode (sometimes referred to as "pure
IPSec tunnel") in Microsoft Windows 2000 is for interoperability with third-party routers or gateways that
do not support Layer 2 Tunneling Protocol (L2TP)/IPSec or PPTP Virtual Private Networking (VPN)
tunneling technology.
Windows 2000 supports IPSec tunneling for situations where both tunnel endpoints have static IP
addresses. This is primarily useful in gateway-to-gateway implementations, but may also work for
specialized network security scenarios between a gateway/router and a server (like a Windows 2000 router
routing traffic from its external interface to an internal Windows 2000-based computer securing the
internal path by establishing an IPSec tunnel to the internal server providing services to the external
clients).
Windows 2000 IPSec tunneling is not supported for client remote access VPN use because the IETF IPSec
RFCs do not currently provide a remote access solution in the Internet Key Exchange (IKE) protocol for
client-to-gateway connections. The IETF RFC 2661 for Layer 2 Tunneling Protocol (L2TP) was
specifically developed by Cisco, Microsoft, and others for the purpose of providing client remote access
VPN connections. In Windows 2000, client remote access VPN connections are protected using an
automatically generated IPSec policy that uses IPSec transport mode (not tunnel mode) when the L2TP
tunnel type is selected.
9
8
Windows 2000 IPSec tunneling also does not support protocol and port-specific tunnels. While the
Microsoft Management Console (MMC) IPSec Policy snap-in is very general and allows you to associate
any type of filter with a tunnel, make sure you use only address information in the specification of a filter
for a tunnel rule.
Details on how the IPSec and IKE protocols work can be found in the Microsoft Windows 2000 Resource
Kit and in the Windows 2000 IPSec end-to-end walkthrough. Information about where you can find these
documents is included at the end of this article.
This article explains how to configure an IPSec tunnel on a Windows 2000 gateway. Because the IPSec
tunnel secures only traffic specified in the IPSec filters you configure, this article also describes how to
configure filters in Routing and Remote Access Service (RRAS) to prevent traffic outside the tunnel from
being received or forwarded. This article outlines the following scenario to make it easy to follow the
configuration steps:
NetA - Windows 2000 gateway --- Internet --- third-party gateway - NetB W2KintIP W2KextIP
3rdExtIP 3rdIntIP
NetA is the network ID of the Windows 2000 gateway internal network.
W2KintIP is the IP address assigned to the Windows 2000 gateway internal network adapter.
W2KextIP is the IP address assigned to the Windows 2000 gateway external network adapter.
3rdExtIP is the IP address assigned to the third-party gateway external network adapter.
3rdIntIP is the IP address assigned to the third-party gateway internal network adapter.
NetB is the network ID of the third-party gateway internal network.

The goal is for the Windows 2000 gateway and the third-party gateway to establish an IPSec tunnel when
traffic from NetA needs to be routed to NetB or when traffic from NetB needs to be routed to NetA so
traffic is routed over a secure session.
You need to configure an IPSec policy. You must build two filters; one to match packets going from NetA
to NetB (tunnel 1), and one to match packets going from NetB to NetA (tunnel 2). You need to configure a
filter action to specify how the tunnel should be secured (a tunnel is represented by a rule, so two rules are
created).
Typically, a Windows 2000 gateway is not a member of a domain, so a local IPSec policy is created. If the
Windows 2000 gateway is a member of a domain that has IPSec policy applied to all members of the
domain by default, this prevents the Windows 2000 gateway from having a local IPSec policy. In this case,
you can create an Organizational Unit (OU) in Active Directory, make the Windows 2000 gateway a
member of this OU, and assign the IPSec policy to the Group Policy Object (GPO) of the OU.
1. Use the MMC to work on the IP Security Policy Management snap-in (a quick way to load this is to click
Start, click Run, and then type secpol.msc).
2. Right-click IP Security Policies on Local Machine, and then click Create IP Security Policy.
3. Click Next, and then type a name for your policy (for example, IPSec Tunnel with third-party Gateway).
NOTE: You can also type more information in the Description box.
4. Click to clear the Activate the default response rule check box, and then click Next.
5. Click Finish (keep the Edit check box selected).
NOTE: The IPSec policy is created with default settings for the IKE main mode (phase 1) on the General
tab, in Key Exchange. The IPSec tunnel consists of two rules, each of which specifies a tunnel endpoint.
9
9
Because there are two tunnel endpoints, there are two rules. The filters in each rule must represent the
source and destination IP addresses in IP packets that are sent to that rule's tunnel endpoint.
In the IP Security Policies on Local Machine MMC snap-in, right-click your new policy, and then click
Assign. A green arrow appears in the folder icon next to your policy.
After your policy is assigned, you have two additional active filters (RRAS automatically creates IPSec
filters for L2TP traffic). To see the active filters, type the following command at a command prompt:
netdiag /test:ipsec /debug
You can optionally redirect the output of this command to a text file so you can view it with a text editor
(such as Notepad) by typing the following command:
netdiag /test:ipsec /debug > filename.txt
The netdiag command is available after you install the Microsoft Windows 2000 Resource Kit, which you
can install from your Windows 2000 CD-ROM. To install the kit, locate the Support\Tools folder, and
then double-click the Setup.exe file. After installation, you may need to run the netdiag command from
the %SystemRoot%\Program Files\Support Tools folder (where %SystemRoot% is the drive where
Windows 2000 is installed).
The tunnel filters look similar to the following example:

Local IPSec Policy Active: 'IPSec tunnel with {tunnel endpoint}' IP Security Policy Path:
SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{-longnumber-}
There are two filters

From NetA to NetB
Filter ID: {-long number-}
Policy ID: {-long number-}
IPSEC_POLICY PolicyId = {-long number-}
Flags: 0x0
Tunnel Addr: 0.0.0.0
PHASE 2 OFFERS Count = 1
Offer #0:
ESP[ DES MD5 HMAC]
Rekey: 0 seconds / 0 bytes.
AUTHENTICATION INFO Count = 1
Method = Preshared key: -actual key-
Src Addr: NetA Src Mask: -subnet mask-
Dest Addr: NetB Dest Mask: -subnet mask-
Tunnel Addr: 3rdExtIP Src Port: 0 Dest Port: 0
Protocol: 0 TunnelFilter: Yes
Flags : Outbound
From NetB to NetA
Filter ID: {-long number-}
Policy ID: {-long number-}
IPSEC_POLICY PolicyId = {-long number-}
Flags: 0x0
Tunnel Addr: 0.0.0.0
PHASE 2 OFFERS Count = 1
Offer #0:
ESP[ DES MD5 HMAC]
Rekey: 0 seconds / 0 bytes.
AUTHENTICATION INFO Count = 1
Method = Preshared key: -actual key-
Src Addr: NetB Src Mask: -subnet mask-
Dest Addr: NetA Dest Mask: -subnet mask-
Tunnel Addr: W2KextIP Src Port: 0 Dest Port: 0
1
0
Protocol: 0 TunnelFilter: Yes
Flags: Inbound
Exercise- 2
Traditionally, a firewall has been a dedicated piece of hardware meant to allow two networks to
communicated in a limited way. A typical setup is to allow users behind the firewall to access web pages
and email without allowing users on the outside to access any computers on the internal network. In recent
years, software firewalls have come into use, and they pose a cost effective solution for many users, such
as those with home or small office broadband networks. Note that Windows XP (prior to SP2) comes with
a software firewall built in called Internet Connection Firewall, which is often the source of connection
problems. Windows XP systems running Service Pack 2 have a much more functional "Windows
Firewall" which replaces the problematic "Internet Connection Firewall".
Exercise 3
This step-by-step article describes how to configure TCP/IP Filtering on Microsoft Windows 2000-based
computers.
Windows 2000-based computers support several methods of controlling inbound access. One of the most
simple and most powerful methods of controlling inbound access is by using the TCP/IP Filtering feature.
TCP/IP Filtering is available on all Windows 2000-based computers that have the TCP/IP stack installed.
TCP/IP Filtering is useful from a security standpoint because it works in Kernel mode. In contrast, other
methods of controlling inbound access to Windows 2000-based computers, such as by using the IPSec
Policy filter and the Routing and Remote Access server, depend on User-mode processes or the
Workstation and Server service.
You can layer your TCP/IP inbound access control scheme by using TCP/IP Filtering with IPSec filters
and Routing and Remote Access packet filtering. This approach is especially useful if you want to control
inbound and outbound TCP/IP access. TCP/IP Security controls only inbound access.
To configure TCP/IP security:
1. Click Start , point to Settings , click Control Panel , and then double-click Network and Dial-up
Connections .
2. Right-click the interface on which you want to configure inbound access control, and then click
Properties .
3. In the Components checked are used by this connection box, click Internet Protocol (TCP/IP) , and
then click Properties .
4. In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced .
5. Click the Options tab.
6. Click TCP/IP filtering , and then click Properties .
7. Select the Enable TCP/IP Filtering (All adapters) check box. When you select this check box, you
enable filtering for all adapters, but you configure the filters on a per-adapter basis. The same filters do
not apply to all adapters.
8. There are three columns with the following labels:
TCP Ports
UDP Ports
IP Protocols
In each column, you must select either of the following options:
Permit All . If you want to permit all packets for TCP or UDP traffic, leave Permit All activated.
Permit Only . If you want to allow only selected TCP or UDP traffic, click Permit Only , click Add ,
1
0
and then type the appropriate port in the Add Filter dialog box.
If you want to block all UDP or TCP traffic, click Permit Only , but do not add any port numbers in the
UDP Ports or TCP Port column. You cannot block UDP or TCP traffic by selecting Permit Only for IP
Protocols and excluding IP protocols 6 and 17.
Note that you cannot block ICMP messages, even if you select Permit Only in the IP Protocols column
and you do not include IP protocol 1.
TCP/IP Filtering can filter only inbound traffic. This feature does not affect outbound traffic or response
ports that are created to accept responses from outbound requests. Use IPSec Policies or packet filtering if
you require more control over outbound access.
Exercise 8:-
Installing Network Monitor

As you may have already figured out, the Windows Setup program doesn’t install Network Monitor by
default. To install the Windows version of Network Monitor, open the Control Panel and select the Add /
Remove Programs option. Next, click the Add / Remove Windows Components button to launch the
Windows Components wizard. Scroll through the list of components until you locate the Management and
Monitoring Tools option. Select the Management and Monitoring Tools option and click the Details
button. Select the Network Monitor Tools option and click Next. Windows will now begin the installation
process. You may be prompted to insert your Windows installation CD. Click Finish to complete the
installation process.
Running Network Monitor

After the installation process completes, you can launch Network Monitor by selecting the Network
Monitor command found on Window’s Administrative Tools menu. When Network Monitor initially
loads, you will see a dialog box asking you to select a network that you can capture data from. Click OK
and you will see the Select a Network dialog box. Simply expand the My Computer container and then
select the network adapter that you want to monitor. Click OK to continue.
At this point, you will see the main Network Monitor screen, shown in Figure A. Right now, Network
Monitor isn’t capturing any data. It’s up to you to initiate the data capture process. Before you do though,
you might want to set up a capture filter.
1
0
Figure A: This is the main Network Monitor screen
The reason why filtering is so important is because there is a tremendous amount of traffic that flows into
and out of most servers. You can easily capture so much traffic that analyzing it becomes next to
impossible. To help cut down on the amount of traffic that you must analyze, Network Monitor allows you
to use filters. There are two different types of filters that you can use; capture filters and display filters.
Capture filters allow you to specify which types of packets will be captured for analysis. For example, you
may decide that you only want to capture HTTP packets. The main advantage to implementing a capture
filter is that by filtering packets during the capture, you will use a lot less hard disk space than you would
if you captured every packet.
Display filtering works similarly to capture filtering except that all network traffic is captured. You filter
the data that you want to analyze at the time of analysis rather than at the time of capture. Display filtering
uses a lot more hard disk space than capture filtering, but you will have the full dataset on hand just in case
you decide to analyze something other than what you originally intended.
Capturing Data
If you have decided that you want to filter the data being captured, select the Filter option from the
Capture menu, and configure your filter. Otherwise, you can start the capture process by selecting the Start
command found on the Capture menu. You can see what the capture process looks like in Figure B. When
you have captured the data that you want, then select the Stop command from the Capture menu.
1
0
Figure B: This is what the capture process looks like
Analyzing the Data

To analyze the captured data, select the Display Captured Data command from the Capture menu. When
you do, you will see the screen shown in Figure C.
1
0
Figure C: This is a summary of the captured data
The screen shown in Figure C shows a summary of all of the captured packets in the sequence that those
packets were captured. The data that you are looking at is unfiltered. You could set up a display filter at
this point by selecting the Filter option from the Display menu.
Once you have located a packet that you are interested in, double click on the packet to see it in greater
detail. When you do, you will see the screen that’s shown in Figure D.
1
0
Figure D: This is the screen that you will use to analyze a packet
As you can see in the figure, the packet screen is divided into three sections. The top section is simply a
condensed view of the summary screen. You can use this section to select a different packet to analyze
without having to go back to the mail summary screen.
The second section contains the packet’s contents in a decoded, tree format. For example, in the screen
capture, you can see that the top portion of the tree says FRAME: Base Frame Properties. If you expand
this portion of the tree, you can see the date and time that the frame was captured, the frame number, and
the frame length.
The third section contains the raw data that makes up the frame. In this section, the column to the far left
shows the base address of the bytes on that line in hexadecimal format. The middle section shows the
actual hexadecimal data that makes up the frame. The hexadecimal code is positions wide. To determine
the address of any of the hex characters, start with the base address for that line, and then count the
position of the character that you are interested in. For example, if the base address is 00000010, and the
character that you are interested in is in the twelfth position, then the character’s address would be
0000001B.
The column to the far right contains a reprint of the data in decimal notation. This is probably the most
useful part of the screen because anything that has been transmitted in clear text is clearly readable in this
column. For example, if an E-mail were transmitted in an unencrypted format and the transmission were
captured, you could read the contents of the message in this location (assuming that you could locate the
correct packet). If you look closely at Figure D, you will notice that this is an LDAP packet that I have
1
0
captured. The decimal portion of the packet clearly shows a call to the Active Directory
(CN=Configuration, DC=production, DC=com).
Exercise:-9
PPTP is a popular VPN protocol because it is very secure and easy to set up. You can deploy PPTP easily
in both Microsoft-only and mixed environments. You can configure your Windows 2000-based Routing
and Remote Access service VPN server to drop non-PPTP packets by using packet filters.
How to Configure PPTP Input Filters to Allow Inbound Traffic from PPTP VPN Clients
1. Start the Routing and Remote Access console from the Administrative Tools menu.
2. In the left pane of the Routing and Remote Access console, expand your server, and then expand the IP
Routing node.
3. Click the General node. Right-click the external interface, and then click Properties.
4. On the General tab, click Input Filters.
5. Click Add.
6. Select the Destination network check box. In the IP address box, type the IP address of the external
interface. In the Subnet mask box, type 255.255.255.255.
7. In the Protocol box, click TCP. In the Destination port box, type 1723. Click OK.
8. Click Drop all packets except those that meet the criteria below.
9. Click Add.
10. Select the Destination network check box. In the IP address box, type the IP address of the external
interface. In the Subnet mask box, type 255.255.255.255. In the Protocol box, click Other. In the
Destination port box, type 47. Click OK.
11. Click OK.
How to Configure PPTP Output Filters to Allow Outbound Traffic to PPTP VPN Clients
1. On the General tab in the External_interface Properties dialog box, click Output Filters.
2. Click Add.
3. Select the Source network check box. In the IP address box, type the IP address of the external
interface. In the Subnet mask box, type 255.255.255.255. In the Protocol box, click TCP. In the Source
port box, type 1723. Click OK.
4. Click Drop all packets except those that meet the criteria below option.
5. Click Add.
6. Select the Source network check box. In the IP address box, type the IP address of the external
interface. In the Subnet mask box, type 255.255.255.255. In the Protocol box, click Other. In the
Destination port box, type 47. Click OK.
7. Click OK.
8. Click OK.
NOTE: After you make these changes, only PPTP traffic is allowed into and out of the external interface
of the Routing and Remote Access service VPN server. These filters support communications with a PPTP
VPN client that initiates an inbound call to the Routing and Remote Access service VPN server.
1
0
Session 9 Windows 2000: Network Management
Exercise 1:-
To create or delete a Group Policy object

1. Open Group Policy Management.
2. Depending upon whether you want to create or delete, use one of the following
procedures:
• Create
• Create and
link
• Delete
Create
1. In the console tree, right-click Group Policy Objects in the forest and domain in which you want to
create a Group Policy object (GPO).
Where?
Forest name/Domains/Domain name/Group Policy Objects
2. Click New.
3. In the New GPO dialog box, specify a name for the new GPO, and then click OK.
Create and link

1. In the console tree, right-click the domain name in the forest in which you want to create and link a
Group Policy object (GPO).
Where?
Forest name/Domains/Domain name
2. Click Create and Link a GPO Here.
3. In the New GPO dialog box, specify a name for the new GPO, and then click OK.
Delete
1. In the console tree, double-click Group Policy Objects in the forest and domain containing the Group
Policy object (GPO) that you want to delete.
Where?
Forest name/Domains/Domain name/Group Policy Objects
2. Right-click the GPO, and then click Delete.
3. When prompted to confirm the deletion, click OK.
Notes
• To create a GPO, you must have GPO creation privileges. By default only domain administrators,
enterprise administrators, and members of the Group Policy creator owners group can create Group
Policy objects. To delegate GPO creation permissions to additional groups and users, go to Group
Policy Objects in the desired domain and click the Delegation tab.
• To delete a GPO, you must have Edit Settings, Delete, Modify Security permissions for the GPO.
• When you use this procedure to create a GPO, no links are created to the GPO, but you can add links
within the same forest by right-clicking any domain, site, or organizational unit, and then clicking Link
Existing GPO. Alternatively, you can both create and link a GPO by right-clicking any domain or
1
0
organizational unit and then clicking Create and Link a GPO Here.
• When you delete a GPO, Group Policy Management attempts to delete all links to that GPO in the
domain of the GPO. However, to delete a link to a GPO, you must have permission to link Group Policy
objects for the organizational unit or domain. If you do not have rights to delete a link, the GPO will be
deleted, but the link will remain. Links from other domains and sites are not deleted. The link to a
deleted GPO appears in Group Policy Management as Not Found. To delete Not Found links, you must
either have permission on the site, domain or organizational unit containing the link, or ask someone
with sufficient rights to delete it.
• Group Policy objects are distinguished in the Active Directory by GUID, and it is theoretically possible
for more than one GPO to have the same friendly name. The Group Policy Management snap-in prevents
the creation of Group Policy objects with duplicate friendly names, but the Group Policy infrastructure
does not enforce uniqueness of friendly names. Therefore, it is possible for duplication of friendly names
to occur if you use legacy tools to create Group Policy objects, if replication is slow, or if you use a script
to perform operations on Group Policy objects.
• You cannot delete the Default Domain Controllers policy or the Default Domain policy.
• Before deleting a GPO, you can check for cross-domain links by navigating to the Scope tab of the GPO
you want to delete and, in the Display links in this location box, selecting Entire Forest. You can then
select all links, right click the selection, and click Delete link. This procedure ensures that cross-domain
links are deleted before you delete the GPO.
You can start Group Policy Object Editor in several ways, depending on the action that you want to
perform. The following sections describe how to start Group Policy Object Editor in a variety of scenarios.
To Edit a Group Policy Setting on the Local Computer
To start Group Policy Object Editor to edit the local GPO, click Start, click Run, type gpedit.msc, and
then click OK.
To Edit a Group Policy Setting on Another Computer

Open the local GPO that is stored on the Windows 2000-based network computer, and then locate the
network computer. You must be an administrator of the network computer to complete this procedure.
To Edit a Group Policy Setting on a Site

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites
and Services.
2. In the console tree, right-click the site for which you want to configure a Group Policy setting, click
Properties, and then click the Group Policy tab.
3. Click an existing GPO in the Group Policy object links list, click Edit, and then link a GPO to the
intended site.
To Edit a Group Policy Setting on a Domain
1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users
and Computers.
2. In the console tree, right-click the domain or organizational unit for which you want to configure a Group
Policy setting, click Properties, and then click the Group Policy tab.
3. Click Edit to open the GPO that you want to edit, and then link a GPO to the intended domain.
1
0
To Edit a Group Policy Setting on an Organizational Unit
1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users
and Computers.
2. In the console tree, right-click the domain or organizational unit for which you want to configure a Group
Policy setting, click Properties, and then click the Group Policy tab.
3. Click Edit to open the GPO that you want to edit, and then link a GPO to the intended organizational
unit.
You can also link a GPO to an organizational unit that is higher in the Active Directory hierarchy so that
the organizational unit can inherit Group Policy settings.
How to Filter the Scope of Group Policy According to Security Group Membership
1. Open the GPO whose scope you want to filter.
2. Right-click the root node of the console to display the Group Policy icon that has the following label:
GPO_name [domain_controller_name.domain_name] Policy
3. Click Properties, click the Security tab, and then click the security group for which you want to filter
this GPO.
To change the list of security groups for which you want to filter this GPO, click either Add or Remove
to add or remove security groups.
4. Set the permissions as they are described in the following table, and then click OK.
Your intention Set these permissions The result
You want to apply Set Apply Group Policy This GPO applies to members of this security
this GPO to members to Allow. Set Read to group unless they are members of at least one other
of this security group. Allow. security group that has Apply Group Policy set to
Deny, Read set to Deny, or both.
Members of this Set Apply Group Policy This GPO never applies to members of this
security group are to Deny. Set Read to security group regardless of the permissions those
exempt from this Deny. members have in other security groups.
GPO.
Membership in this Do not set Apply Group This GPO applies to members of this security
security group does Policy to either Allow or group if they have both Apply Group Policy and
not determine if the Deny. Do not set Read to Read set to Allow as members of at least one other
GPO is applied. either Allow or Deny. security group. They also must not have Apply
Group, Policy, or Read set to Deny as members
of any other security group.
NOTE: GPOs are applied only to sites, domains, and organizational units. Group Policy settings affect
only the users and the computers that they contain. Specifically, GPOs are not applied to security groups.
The location of a security group in Active Directory does not affect filtering through that security group
as it is described in this procedure.
If a user or a computer is not contained in a site, a domain, or an organizational unit that is subject to a
GPO either directly through a link, or indirectly through inheritance, you cannot set any combination of
permissions on any security group to make those Group Policy settings affect that user or computer.
Filtering at the GPO level, as it is described in this procedure, causes the GPO to be processed or not
processed as a whole. The Software Installation extension and the Folder Redirection extension use
1
1
security groups to refine control beyond the GPO level. Except for Folder Redirection and Software
Installation, security groups are not used to filter individual settings or subsets of a GPO. For control over
individual settings, edit or create a GPO instead.
How to Find the Sites, Domains, and Organizational Units to Which a GPO Is Linked
1. Start Group Policy Object Editor with the GPO that you want to find at the root node of the console.
2. Right-click the root node of the console, and then click Properties.
3. Click the Links tab, and then click Find Now.
The sites, domains, and organizational units to which the GPO is linked are listed in the Sites, Domains
or Organizational Units found box. NOTE: If the GPO is linked to more than one domain, you can
limit your search for organizational units to one domain at a time by using the list in the Domain box.
How to Turn Off the User Configuration Settings in a GPO

1. Open the GPO that you want to edit.
2. Right-click the console root, which appears as the following line:
GPO_name [domain_name] Policy
3. Click Properties, make sure that Disable User Configuration settings is selected, and then click
OK.NOTE: The User Configuration settings in this GPO no longer affect any site, domain, or
organizational unit to which this GPO is linked.
How to Turn Off the Computer Configuration Settings in a GPO

1. Open the GPO that you want to edit.
2. Right-click the console root, which appears as the following line:
GPO_name [domain_name] Policy
3. Click Properties.
4. Make sure Disable Computer Configuration settings are selected, and then click OK.NOTE: After you
turn off the Computer Configuration settings in a GPO, they no longer affect any site, domain, or
organizational unit to which this GPO is linked.
Exercise 4:-
In general, groups are used to grant permissions to similar types of users, to make contact of multiple users
easier, and to simplify administration. For example, instead of having to enter 10 email addresses in the
message header, a message can be sent to one group email, which is then fanned out to all 10 email
addresses in the group.
Group Types and Scopes

Microsoft Windows 2003 defines different group types, with each group having a unique scope. The three
group types that can be created within Active Directory are
 Security Groups—Groups used to secure access to network resources via permissions; they can
also be used to distribute email messages.
 Distribution Groups—Groups that can be used only to distribute email; they have a fixed
membership that can’t be used to access network resources.
 Query-Based Distribution Groups (QBDGs)—These groups are new to Exchange 2003. Their
membership is based on a LDAP (Lightweight Distribution Access Protocol) query that can be
used only to distribute email. Using LDAP, a member list is created whenever messages are sent
to a group.
1
1
So what is the main difference between a security and a distribution group? Although both groups can
have an email address associated with them, a distribution group cannot be used to set security settings.
For example, you cannot create a distribution group called Project Team and then assign security rights to
that group.
When you are working with distribution and security groups, there are many things that can or cannot be
done, depending on the group’s scope and the mode that Windows Server is running. The are three types
of scopes—global, domain local, and universal—and two type of modes, mixed or native. See Table 3.1
for a summary of what can and cannot be done according to the network operating mode.
Table 3.1 Understanding Group Scope, Group Membership, and

Windows Operating Mode
Windows Mixed
Scope Group Membership Windows Native Mode
Mode
Global groups, accounts, and universal
Permission assigned only in the Global groups and
Domain groups from any domain. Domain local
same domain; can be put into accounts from any
Local groups can be only from the same
other domain local groups. domain.
domain.
Permissions assigned in any Can contain
Global groups and accounts only from
Global domain; can be put into other accounts only from
the same domain.
groups. the same domain.
Can be assigned permissions in Not available in
Regardless of scope, can contain
Universal any domain and can be put into mixed mode
accounts or groups from any domain.
other groups. domains.
Creating Security or Distribution Groups

Using the following steps, administrators can create security or distribution groups:
1. Open Active Directory User and Computers. Right-click in the container where you want to
create a new group, select New, and then select Group.
2. As shown in Figure 3.3, the New Object-Group dialog box will appear. In the Group Name field,
type up to a 64 character name for the new group. The first 20 characters will be automatically
inserted for the Pre-Windows 2000 group name and must be unique for the domain. If needed,
you can type a unique name into this field.
Figure 3.3 Creating security and distribution groups through Active Directory Users and
Computers.
1
1
3. Select a group type of either Domain local, global, or universal (available only in native mode).
The recommended scope type is universal; if you are unsure about which scope to use, choose
universal.
4. Select Security or Distribution for your group type and click Next.
5. If the Exchange is set up properly, the Create an Exchange Email Address option will be
available. Make sure that the box is checked and that the correct Alias name for the email address
is displayed. (By default, the alias name is set to the group name.) If an Exchange email address
isn’t needed, uncheck this option.
6. Click Next and then click Finish, creating the group. If creation of an email address was selected,
SMTP and X.400 email addresses will be automatically created.
After the group is created, administrators can change additional group properties, such as adding members
to the group, setting message size-restriction limits, adding or removing email addresses, or limiting which
users can send messages to the group.
Creating Query-Based Distribution Groups

Query-based distribution groups do not have a scope that is domain local, global, or universal. Their
membership can contain users and groups from other domains or forests or members of the local domain.
Their scope is determined by the container associated with the group when it is created. For example, if the
container associated with the group is pandoranetworks.com, the query filter is applied to all recipients in
the domain. If a filter is applied to a specific organization unit (OU) in a domain, the filter applies to all
recipients in the container and those in any containers below.
NOTE
Query-based distribution groups are available only when Exchange is running in native mode and all
servers in the enterprise are at least running Exchange 2000 SP3 or later. An administrator can check
which mode Exchange is in by opening ESM, clicking the Exchange Organization, and then selecting
Properties. Review the Operation Mode section to see what mode your Exchange server is currently
running in.
The beauty of query-based distribution groups is that less time is spent managing group membership. In
most organizations, people move around the company to different roles, departments, or eventually leave
the company. Instead of specifying static user memberships, query-based distribution groups minimize the
amount of time spent adding or removing users from groups by allowing LDAP queries to dynamically
build membership in the distribution group. The group membership is created on-the-fly. An LDAP query
is run every time an email is sent to this dynamic distribution list. Thus, using query-based distribution
groups can dramatically reduce the administrative costs.
CAUTION
Query-based distribution groups work best when the member list results are 25 to 30 members or fewer.
Potential member lists in the hundreds or thousands will put severe processing demands on a global
catalog server because of the inefficient nature of the LDAP queries. If query-based distribution groups
1
1
have potential to grow to larger numbers, switching the processing tasks from the global catalog server to a
dedicated LDAP expansion server will help in resolving large distribution lists more quickly.
Because groups are used to manage email distribution and permissions, remember to create groups that
will contain similar types of users. Typically, administrators create groups for users who work in the same
departments and need access to similar network resources, users who have similar roles in an organization
(executives, directors, engineers, and so on), or for users on specific company projects. Using the
following steps, administrators can create query-based distribution groups:
1. Open Active Directory User and Computers. Right-click in the container where you want to
create a new group, select New, and then select Query-Based Distribution Group.
2. As shown in Figure 3.4, the New Object-Query-based Distribution Group dialog box will appear.
Type in a group name and, if required, a different alias for the group. Otherwise, the group name
will be automatically inserted for the Exchange alias and will be used to set the group email
address.
Figure 3.4 Creating query-based distribution groups through Active Directory Users and
Computers.
3. The container in which the group is created defines the scope of the LDAP query. This means the
query filter will apply to all recipients of the container selected and below the specified container.
Choose one of the preconfigured filters; otherwise, select the Customize Filter option and click
Customize. The Find Exchange Recipients dialog box, as shown in Figure 3.5, appears.
Figure 3.5 Customizing the LDAP query filter parameters in the Find Exchange Recipients dialog
box.
4. Use the following tabs to configure additional parameters:

o General—Used to select the recipient types in the group.
o Storage—Used to limit the mailbox to a specific server or mailbox store.
o Advanced—Used to create combinations of fields, operators, and search criteria.
5. When you’re finished selecting criteria, click OK to return to the wizard. Click Next and then
click Finish to create the group. As with other groups, if creation of an email address was
selected, SMTP and X.400 email addresses will be automatically created.
Again, after the group is created, administrators can manage additional group properties, such as adding
members to the group, setting message size-restriction limits, changing, adding, or removing email
addresses, limiting which users can send messages to the group, adding an expansion server, or
1
1
configuring out-of-office options and nondelivery settings. Many settings can be configured; explore the
ones that best fit your organization.
Renaming and Deleting Groups

Renaming and deleting groups each has a different effect on the security identifier (SID); object values are
used to identify, handle, and track permissions independently of group names. When a group is renamed,
the group is given a new label. Changing the name does not affect the SID, Exchange alias, or email
addresses associates with the group. The group can be renamed in ADUC in two easy steps:
1. Right-click the group name and then select Rename. Type in the new group name and press
Enter.
2. When the Rename Group dialog box appears, press Tab and type in a new pre-Windows 2000
group name; then click OK to complete the group rename.
Deleting a group removes it permanently from Active Directory. In theory, after a group is deleted, a
group with the same name cannot be created with the same permissions of the original group. Group
names can be reused, but because the SID of the new group name will not match the SID of the original
group name, the permission settings must be manually re-created. Deleting a group is accomplished by
highlighting the appropriate group, right-clicking, and selecting Delete or pressing the Delete key.
NOTE
Windows has built-in security features that will not allow deletion of built-in groups. There is no right-
click Delete option and pressing Delete yields no results.
Exercise -5 Backup and restore all files in a domain
During a typical file restore operation, Microsoft Windows Backup operates in nonauthoritative restore
mode. In this mode, Windows Backup restores all files, including Active Directory objects, with their
original Update Sequence Number (USN) or numbers. The Active Directory replication system uses the
USN to detect and replicate changes to Active Directory to all the domain controllers on the network. All
data that is restored nonauthoritatively appears to the Active Directory replication system as old data. Old
data is never replicated to any other domain controllers. The Active Directory replication system updates
the restored data with newer data from other domain controllers. Performing an authoritative restore
resolves this issue.
Note Use an authoritative restore with extreme caution because of the effect it may have on Active
Directory. An authoritative restore must be performed immediately after the computer has been restored
from a previous backup, before restarting the domain controller in normal mode. An authoritative restore
replicates all objects that are marked authoritative to every domain controller hosting the naming contexts
that the objects are in. To perform an authoritative restore on the computer, you must use the Ntdsutil.exe
tool to make the necessary USN changes to the Active Directory database.
There are certain parts of Active Directory that cannot or should not be restored in an authoritative
manner:
• You cannot authoritatively restore the schema.
• The configuration naming context is also very sensitive, because changes will affect the whole forest.
For example, it does not make sense to restore connection objects. Connection objects should be
recreated by the Knowledge Consistency Checker (KCC) or manually. Restoring server and NTDS
1
1
settings objects makes sense when no destructive troubleshooting was done before.
• In the domain context, do not restore any objects that deal with relative identifier (RID) pools. This
includes the subobject "Rid Set" of domain controller computer accounts and the RidManager$ object in
the SYSTEM container.
• Another issue is that many distinguished name-type links may break when you restore. This may affect
objects that are used by the File Replication Service (FRS). These exist underneath CN=File Replication
Service,CN=System,DC=yourdomain and CN=NTFRS Subscriptions,CN=DC computer account.
• Attempts to authoritatively restore a complete naming context will always include objects that can
disrupt the proper functionality of crucial parts of Active Directory. You should always try to
authoritatively restore a minimal set of objects.
• Finally, similar issues might exist for objects created by other applications. These go beyond the scope
of this article.
A system state restore replaces all new, deleted, or modified objects on the domain controller that is being
restored.
A system state restore of a naming context that contains two or more replicas is an authoritative merge. In
an authoritative merge, all objects that are deleted or modified are rolled back to when the backup was
made. Objects that were created after the backup are replicated from naming context replicas. An
authoritative merge represents a merge of the state that existed when the backup was made with new
objects that were created after the backup.
When you nonauthoritatively restore a naming context that contains a single replica, you actually perform
an authoritative restore.
Performing an authoritative restore

After the data has been restored, use Ntdsutil.exe to perform the authoritative restore. To do this, follow
these steps:
1. At a command prompt, type ntdsutil, and then press ENTER.
2. Type authoritative restore, and then press ENTER.
3. Type restore database, press ENTER, click OK, and then click Yes.
Restoring a subtree
Frequently, you may not want to restore the whole database because of the replication impact this would
have on your domain or forest. To authoritatively restore a subtree within a forest, follow these steps:
1. Restart the domain controller.
2. When the Windows 2000 Startup menu is displayed, select Directory Services Restore Mode, and then
press ENTER.
3. Restore the data from backup media for an authoritative restore. To do this, follow these steps:
a. In Directory Services Restore mode, click Start, point to Programs, point to Accessories, point to
System Tools, and then click Backup to start the Windows 2000 Server Backup utility.
b. Click Restore Wizard, and then click Next.
c. Select the appropriate backup location, and then make sure that at least the System disk and System
State containers are selected.
d. Click Advanced, and then make sure that you restore junction points. If you do not use the Advanced
menu, the restore process will not be successful.
e. In the Restore Files to list, click Original Location.
f. Click OK, and then complete the restore process. A visual progress indicator is displayed.
g. When you are prompted to restart the computer, do not restart.
4. At a command prompt, type ntdsutil, and then press ENTER.
5. Type authoritative restore, and then press ENTER.
6. Type the following command, and then press ENTER:
1
1
restore subtree ou=OU_Name,dc=Domain_Name,dc=xxx
Note In this command, OU_Name is the name of the organizational unit that you want to restore,
Domain_Name is the domain name that the OU resides in, and xxx is the top-level domain name of the
domain controller, such as "com," "org," or "net."
7. Type quit, press ENTER, type quit, and then press ENTER.
8. Type exit, and then press ENTER.
9. Restart the domain controller.
Exercise 7
Intrusion detection is a process that proactively detects inappropriate, incorrect, or anomalous activity
from an external network (Internet) against the IT infrastructure of an organization. Some of the popular
intrusion methods include port scanning, WinNuke, DoS attacks, or ping of death, which a regular firewall
cannot detect. The intrusion could be accidental or intended with the purpose of disrupting work or
damaging the reputation of the organization. Unless these attacks are detected well in advance and
appropriate actions taken, they can lead to financial losses and customer dissatisfaction.
Many organizations sell intrusion detection tools for additional cost. ISA Server 2004 has an integrated
basic intrusion detection tool licensed from Internet Security Systems (ISS). This provides a cost-effective
intrusion detection solution for any medium business, and is recommended by the Medium Business
Solution for Core Infrastructure.
Based on the recommendations provided in this chapter, Lucerne Publishing decided to make use of the
built-in intrusion detection feature of ISA Server 2004 instead of investing in a separate intrusion detection
software.
Application Filtering
Application layer protocol traffic, such as SMTP, HTTP, DNS, RPC (Remote Procedure Call), PPTP, and
FTP, can contain malicious codes and scripts, inappropriate commands, and binary files containing
viruses. These codes, scripts, commands, and viruses can cause serious damage if they reach the internal
network of the organization. Application filtering scans the traffic passing through the firewall and filters
out packets that have malicious code, scripts, or viruses. Both inbound and outbound traffic should be
scanned. Outgoing traffic is scanned to ensure that the organization is not a source for spreading viruses
and worms on the Internet.
The firewall server should be able to provide application filtering for various application layer
protocols. Some examples of how application filtering can be used in the medium IT environment
are as follows:
• SMTP filtering protects internal mail servers from security threats that include buffer overflow attacks
caused by malicious SMTP request designed and sent by the attackers.
• HTTP (and secure HTTP (HTTPS)) filtering enables a device to scan the HTTP and tunneled FTP traffic
for hidden security threats. Possible threats include:
1
1
• Malicious code, viruses, and worms in content that is downloaded from the Internet. This includes
Code Red and Nimda viruses.
• Web requests containing malicious code inside the HTTP header or data, which can cause internal
Web servers to malfunction and send malicious code to other systems on the network. Examples
include directory traversal attacks, buffer overflow attacks, cross-site scripting attacks, and high-bit
encoding attacks.
• Malicious code hidden inside an SSL connection, sent by a client computer connecting to the internal
secure Web sites.
In the Medium Business Solution for Core Infrastructure, the following two choices were considered for
providing application filtering:
• Application filtering feature built into ISA Server.
• Non-Microsoft application filtering software.
The following table presents the advantages and disadvantages of these choices.
Choice Advantages Disadvantages

Application filtering Cost-effectiveness: The ISA Server has Limited filtering capabilities: The
built into ISA Server built-in application layer filtering capability built-in application-filtering feature of
for most of the popular applications, the ISA Server provides filtering
including SMTP, HTTP, FTP, DNS, RPC, capabilities for a limited number of
H.323, MMS, and PPTP. application layer protocols compared to
SSL bridging: ISA Server provides SSL- non-Microsoft application filtering
to-SSL bridging capability for decrypting software. In addition, the built-in feature
SSL traffic and checking the content for lacks the richness of the feature sets
malicious code before forwarding traffic to supported by non-Microsoft application
the internal server through secure SSL filtering software.
connection.
Non-Microsoft Enhanced features: Some of non- Additional hardware: Requires
application filtering Microsoft software provides enhanced additional hardware resources for
software filtering features for a variety of installing the software on a system.
applications. Additional cost for software: The
Monitoring and reporting: Provides real- software needs to be purchased
time monitoring and reporting and separately. This leads to additional cost
graphical data output for various analysis incurred for hardware resources and
purposes. maintenance of the software.
Requirement for training: The IT
generalists might require training.
Table 3. Application Filtering Choices
The Medium Business Solution for Core Infrastructure recommends using the built-in application-filtering
feature of ISA Server 2004. Lucerne Publishing decided to follow this recommendation and implement
cost-effective and easy-to-manage application filtering.
1
1
Web Proxy
The Web proxy feature enables the firewall to provide proxy services to Web requests coming from the
internal network behind the firewall or proxy server. The firewall or proxy server creates connections to
the Web servers on the Internet on behalf of clients on the internal network. The firewall receives
responses from the Web server, inspects the content for any vulnerability, and forwards the responses to
the client on the internal network that requested the connection. The choice to be made is whether to use
Web proxy in the medium IT environment.
The following table presents the advantages and disadvantages of using Web proxy.
Advantages Disadvantages
High security: Web proxy acts as a gatekeeper by Low performance: Web proxy has a slight negative
preventing direct communication between Web impact on the performance of Internet access. This is
clients on the internal network and computers on because the firewall needs to do additional processing
the Internet, thereby protecting the internal Web to handle client requests.
clients from direct attacks. Configuration overhead: Clients computers in the
Monitoring: Web proxy monitors the Web traffic internal network need to be configured.
based on user name and client IP address as well as
the URL visited and the application used to access
the Internet.
Table 4. Advantages and Disadvantages of Using Web Proxy
The Medium Business Solution for Core Infrastructure recommends using Web proxy. Following this
recommendation, Lucerne Publishing decided to use the built-in Web proxy feature of the ISA Server.
They decided to remove the existing proxy server thereby reducing the additional overhead involved in
maintaining a dedicated proxy server.
Web Caching
Web caching provides improved performance for users who download content from HTTP or FTP sites.
Caching improves the response time for internal clients who access Internet Web servers as well as for
external Internet users accessing an internal Web server.
When internal users request content from Web servers on the Internet for the first time, the
content is cached by the Web cache. When the same content is requested again by an internal
user, the content is served from the Web cache. This provides the following benefits:
• Improved response time: Serving the content from the cache is much faster than downloading the
content from the Web server on the Internet.
• Reduced Internet bandwidth consumption: Because the data is downloaded only once, the Internet
bandwidth, which is expensive, is conserved.
• Data availability: If the Internet or the Web server is not available for some reason, data can still be
served to users from the cache.
A similar process of Web caching takes place when external users request content from the Web
server on the internal network. The difference, however, is that the cashing happens for outgoing
traffic and the benefits provided include:
• Reduced load on the Web server: Because the Web server does not need to serve the same content
1
1
multiple times.
• Data availability: If the internal Web server is not available for some reason, data can still be served to
external users from the cache.
In the Medium Business Solution for Core Infrastructure, the following two choices were considered for
providing Web caching:
• Web caching built into ISA Server.
• Non-Microsoft Web caching
software.
The following table presents the advantages and disadvantages of using these two choices.
Choice Advantages Disadvantages

Web caching built Cost-effectiveness: Provides a very cost- Limited management: Provides a
into ISA Server effective solution. limited set of management features
Scheduled caching: Enables caching of when compared to non-Microsoft Web
Web content at predefined schedules. caching software.
Scheduling during off-peak hours enables Performance: Performance is lower in
the organization to efficiently use the Web caching built into ISA Server. This
Internet bandwidth. is because Web caching is enabled along
with other services on firewall server.
Non-Microsoft Web Wide variety of features: Provides a wide High cost: Expensive and requires extra
caching software variety of features that are not available hardware resources.
with the ISA Server, such as virus scan and
policy triggers based on user attributes and
MIME type.
Better management: Specialized Web
caching software provide better
management features.
Table 5. Web Caching Software Choices
The Medium Business Solution for Core Infrastructure recommends using the ISA Server 2004 built-in
Web caching. Network performance is one of their current pain areas for Lucerne Publishing and they
decided to follow the Medium Business Solution for Core Infrastructure recommendation to use the built-
in Web caching feature of ISA Server 2004 and improve the network performance.
Exercise 9
Registry Editor and Registry Administration
Windows NT 4.0 includes two tools for viewing and editing the Registry, both called Registry Editor. The
traditional tool, Regedt32.exe, is featured in this chapter. The new tool, Regedit.exe, written for Windows
95, has many of the same functions as Regedt32 and uses the Windows NT Explorer interface. Both tools
are installed automatically when you install Windows NT on any computer.
1
2
You can use either Registry editor to add, delete, or modify Registry entries. This chapter describes the
Registry editors and how to use them, with an emphasis on protecting the Registry contents and using
Registry editors to monitor and maintain the system configuration on remote computers.
The following topics are included in this chapter:
• Using Registry editors and Windows NT Diagnostics (Winmsd.exe)
• Viewing the Registry of a remote computer
• Editing Registry value entries
• Maintaining the Registry
It is recommended that, wherever possible, you make changes to the system configuration by using
Control Panel or the applications in the Administrative Tools (Common) group.
Caution You can impair or disable Windows NT with incorrect changes or accidental deletions if you (or
other users) use Registry Editor to change the system configuration. Wherever possible, you should use the
Control Panel, Windows NT Diagnostics, and Administrative Tools in Windows NT to change the
Registry. Registry Editor should be used only as a last resort.
Using Registry Editors and Windows NT Diagnostics
The Registry editors, Regedt32 and Regedit, do not appear in any menus or as icons in any window.
However, they are installed automatically when you install Windows NT.
To run a Registry editor

1. Start Regedt32.exe or Regedit.exe from Windows NT Explorer.
– Or –
Click Start, point to Run, then type Regedt32 or Regedit in the Run dialog box.
– Or –
Type Regedt32 or Regedit at the command prompt, and press ENTER.
2. Regedt32 has a read-only mode that protects the Registry contents from unintentional changes while
you explore its structure and become familiar with the entries. From the Options menu in Regedt32,
click Read Only Mode.
3. Click any folder icon to display the contents of that key.
Working in the Registry Editor Windows

You can use the mouse or commands to manipulate the windows and panes in a Registry editor.
For example:
• Double-click a folder or key name to expand or collapse that entry. Or, use commands on the View and
Tree menus to control the display of a selected key and its data.
• Use the mouse or the arrow keys to move the vertical split bar in each window to control the size of the
left and right panes.
• From the Window menu, click Tile or Cascade to arrange the Registry Editor windows.
• From the Options menu in Regedt32 click Auto Refresh to update the display continuously, or update it
manually by clicking Refresh All or Refresh Active on the View menu. Regedit does not have an
automatic refresh feature. To update the display when you are using Regedit, from the View menu, click
Refresh or press F5.
Tip Turning off Auto Refresh in Regedt32 improves its performance.
1
2
• To search for keys and subkeys, value entries, and values in Regedit, use the Find command on the Edit
menu. You search for a key or subkey by using the Find Key command on the View menu in Regedt32,
but you cannot search for value entries or values.
Table 24.1 shows some methods of using the keyboard to display data in each of the Registry
Editor windows.
Procedure Keyboard action

Expand one level of a selected Registry key. Press ENTER.
Expand all of the levels of the predefined handle in the Press CTRL + *.
active Registry window.
Expand a branch of a selected Registry key. Press the asterisk (*) key on the numeric
keypad.
Collapse a branch of a selected Registry key. Press ENTER or the minus (–) sign on the
numeric keypad.
For more information about Regedt32 and Regedit, click Help Topics on the Help menu of either
application.
Using Windows NT Diagnostics to View System Configuration Data

You can also use the Windows NT Diagnostics tool to view configuration data in the Registry. Windows
NT Diagnostics (Winmsdp.exe) is installed in the Administrative Tools (Common) group on the Start
menu and in Windows NT Explorer in the Systemroot\System32 directory when you set up Windows NT.
When you want to browse for system information, Windows NT Diagnostics is the best tool to choose.
Figure 24.1 shows the Windows NT Diagnostics dialog box.
1
2
Figure 24.1 The Windows NT Diagnostics dialog box
In the Windows NT Diagnostics dialog box, click a tab to display data from the Registry in an easily
readable format.
Tip You cannot edit value entries by using Windows NT Diagnostics, so the Registry contents are
protected while you browse for information. However, you can select and copy any value if you want to
paste information by using Registry Editor or a text editor.
Adding a Key
You can add a key to store data in the Registry. For example, you can add a subkey under
CurrentControlSet\Services to start a service process you have written or to install a device driver that
doesn't have an installation program.
To do this, you must have Create Subkey access permission for the key under which you are adding a
subkey, as described in "Assigning Access Rights to Registry Keys," later in this chapter.
To add a key to the Registry by using Regedt32

1. Select the key or subkey under which you want the new key to appear.
2. From the Edit menu, click Add Key or press the INS key.
3. In the Key Name box of the Add Key dialog box, type the name that you want to assign to your key.
The key name cannot contain a backslash (\), and it must be unique in relation to other subkeys at the
1
2
same level in the hierarchy. That is, Key1 and Key2 can each have a subkey named Key3, but Key1
cannot have two subkeys named Key3.
4. Leave the Class box blank. This box is reserved for a future use.
5. Click OK to display the new key in the Registry Editor window.
To add a key to the Registry with Regedit

1. Select the key or subkey under which you want the new key to appear.
2. From the Edit menu, click New, then click Key. A new folder appears under the selected key, with the
name of the folder selected so that you can edit it.
3. Type a name for the key and press ENTER.
Adding a Value Entry to a Registry Key

You can use the Registry editors to assign a new value entry to a key or edit the value entry of an existing
key. When you do this, the value that you add appears in the data pane of the selected Registry window.
To determine value entries you might add, see the tuning and troubleshooting information in Regentry.hlp,
which is included in the Windows NT Workstation Resource Kit CD.
To add a value entry to a Registry key by using Regedt32

1. Select the subkey to which you want to add a value entry.
2. From the Edit menu, click Add Value.
Tip To quickly open the Add Value dialog box, switch to the right pane by using the TAB key or the
mouse, then press the INS key.
3. In the Add Value dialog box, type the name you want to assign to the new value entry.
4. In the Data Type box, select the type that you want to assign to the value entry.
The data types are described in "Value Entries in the Registry Keys" in Chapter 23, "Overview of the
Windows NT Registry."
5. Click OK, then type the value in the String Editor dialog box. Click OK again to display the new
entry in the Registry Editor window.
To add a value entry to a Registry key by using Regedit

1. Select the subkey to which you want to add a value entry.
2. From the Edit menu, click New, then click String Value, Binary Value, or DWORD Value
depending upon the data type of the value you are adding.
3. The new value entry appears in the right panel with the name of the value entry selected so you can edit
it.
4. Type a name for the value entry.
5. To edit the value, double-click the value entry, then edit the value in the Value data box of the
Datatype Editor dialog box, then click OK.
Deleting a Key or a Value Entry

To remove selected keys or value entries from the Registry, you can use the Delete command from the
Edit menu or you can press the DELETE key. However, you cannot delete any of the predefined subtrees
or change the name of a key.
Caution There is no Undo command for deletions. Registry Editor prompts you to confirm the deletions if
Confirm On Delete is selected from the Options menu. When you delete a key, the message does not
1
2
include the name of the key you are deleting. Check your selection carefully before proceeding. To recover
a subkey of HKEY_LOCAL_MACHINE \System \CurrentControlSet, restart the computer. Press the
spacebar immediately when you see the message Press spacebar now to invoke Hardware Profile/Last
Known Good Menu.
In Regedt32, you can protect the Registry from accidental deletions by using the following
methods:
• Protect data through read-only mode.
From the Options menu, select Read Only Mode. When this option is selected, Regedt32 does not save
any changes. This protects the data from accidental changes.
• Protect data through confirmation.
From the Options menu, select Confirm On Delete. When this option is selected, Regedt32 prompts
you to confirm deletion of any key or value.
Exercise 10
Many networks were installed to provide basic file and printer sharing. As business requirements have
expanded, however, so have the demands on computing infrastructures. These same networks must now
support a growing number of new capabilities and services, such as electronic commerce, remote
communications, Web publishing, e-mail, and database applications in a client/server processing model.
To provide these services to small and large businesses, many information technology professionals
are using Microsoft® Windows® 2000 Server-based computing environments. Windows 2000
Server serves as a unifying foundation that does the following:
• Combines and enhances the capabilities of diverse server operating systems.
• Enables organizations to extend a consistent set of system services, applications, and user interfaces
across a network. System services are typically core operating system functions running at either the
executive- or user-mode in the Windows 2000 Server operating system architecture. Applications run in
user mode and, more often than not, require a user logon to run.
The core server technology of Small Business Server 2000 is Windows 2000 Server, which is designed to
work with the many client network operating systems. This protects the network investments of the small
business and provides the necessary flexibility for a small business to keep up with evolving business
computing demands.
This chapter describes the requirements for interoperability between Small Business Server 2000 and other
operating system environments.
Interoperability Layers
When assessing interoperability issues, think of your organization's computing infrastructure in
terms of four layers: network, data, applications, and management. Depending on the platforms
combined, one or more of these areas must be addressed:
• Network layer. Consists of low-level communication protocols, such as Internet Packet Exchange (IPX)
and TCP/IP, which are used to transport data. Also includes such functionality as terminal emulation or
print services.
• Data layer. Provides access to both structured (primarily database) and unstructured (primarily file
systems) data sources. In addition, includes access to other critical information, such as e-mail.
1
2
• Application layer. Addresses the way an organization's application infrastructure can allow applications
running on different operating systems to work together. For example, this layer defines how two
applications can participate in transactions, or how an application can be delivered to multiple client
platforms.
• Management layer. Focuses on cross-platform user, system, and network management.
Operating System Environments Supported by Windows 2000 Server

Windows 2000 Server supports all the standards required to interoperate with the following
operating systems:
• NetWare 2.x/3.x/4.x/5.x
• UNIX
• Macintosh System 6.0.7 or higher
• Windows 2000 Professional
• Windows NT® Workstation
• Windows Me
• Windows 95 and Windows 98
• Windows 3.x
• MS-DOS®
• OS/2
Windows 2000 Server also supports the following network protocols:
• TCP/IP
• Internet Packet Exchange/Sequenced Packet Exchange
(IPX/SPX)
• Network Basic Enhanced User Interface (NetBEUI)
• AppleTalk
• Data Link Control (DLC)
• Hypertext Transfer Protocol (HTTP)
• Systems Network Architecture (SNA)
• Point-to-Point Protocol (PPP)
• Point-to-Point Tunneling Protocol (PPTP)
NetWare Interoperability
Small Business Server 2000 integrates easily with the infrastructures of NetWare 2.x, 3.x, 4.x, and
5.x (in bindery emulation mode). This helps to lower operating costs, increase resource use, and
enables a platform for innovative client/server solutions. To ease the integration, Microsoft
developed a set of utilities that enables Windows 2000 Server to fully integrate with most NetWare
networks. These technologies address NetWare interoperability at the network, data, and
management layers. The following utilities are part of the Windows 2000 Server application in
Small Business Server 2000:
• Gateway Service for NetWare (GSNW)
• Client Services for NetWare (CSNW)
• NWLink (an IPX/SPX-compatible protocol)
Also, File and Print Services for NetWare (FPNW) can be purchased to further enhance Windows 2000
Server and NetWare interoperability.
Gateway Service for NetWare

GSNW is a Microsoft utility that enables a Windows 2000 Server-based computer to act as a gateway to
resources on a NetWare LAN, as illustrated in Figure 20.1.
1
2

Figure 20.1 Gateway Service for NetWare configuration
GSNW offers the following features:
• Protocol availability.
Enables the small business to use any protocol on client desktops without losing NetWare LAN connectivity. For
example, Windows 2000 Professional-based clients can access NetWare resources by using TCP/IP without
requiring a NetWare client redirector on an IPX/SPX protocol stack. The efficiency of GSNW reduces the
administrative load for each client, improving network performance.
GSNW also enables the technology consultant to deploy TCP/IP as the strategic protocol without incurring the
additional costs of replacing older technologies.
• Remote access to NetWare file and print servers.
Small Business Server can be deployed as a communications server to enable remote user access to the NetWare
LAN. This feature of GSNW enables NetWare, MS-DOS, or Windows operating system-based clients to use the
Windows 2000 Server Routing and Remote Access Service (RRAS) to maintain a reliable and secure connection
when connecting to the LAN.
• Novell Directory Services (NDS) support.
This feature enables users to do the following:
• Navigate NDS trees.
• Authenticate with an NDS-aware server.
• Print from NDS.
• Get NetWare 4.x and 5.x logon script support.
Client Services for NetWare

CSNW enables Windows 2000 Professional-based clients to gain access to files and print resources on a
NetWare 4.x or 5.x server with a single logon and password. CSNW supports Novell's NDS authentication
to multiple NDS trees and provides full support for NDS property pages, passwords, and processing of
NetWare login scripts.
NWLink
NWLink is an IPX/SPX-compatible protocol that provides NetWare clients with access to Windows 2000
Server-based applications. With this protocol, NetWare clients can gain access to applications such as
Microsoft SQL Server™ 2000 or Microsoft Exchange 2000 Server without changing any client-side
software. NWLink also establishes a means of communication for the tools that interoperate with
NetWare.
1
2
Microsoft's implementation of IPX/SPX and Novell NetBIOS-compatible protocols can coexist with other
protocols on the same network adapter card. This means you can have several networks running
independently on the same network hardware connection. NWLink also supports Windows Sockets,
Novell NetBIOS, and Named Pipes protocols.
File and Print Services for NetWare

The FPNW component, an add-on purchased separately, enables Small Business Server to act like a
NetWare Server to all NetWare clients currently on the network. It supports NetWare 2.x, 3.x, 4.x, and 5.x
(in bindery emulation mode) clients without any changes to their configurations and enables Small
Business Server to appear in each client's Windows Explorer list of NetWare-compatible servers. FPNW
enables the Windows 2000 Server application of Small Business Server to emulate a NetWare file and
print server while providing file and print resources that use the same dialog boxes as a NetWare Server.
With FPNW installed on Small Business Server 2000, a NetWare client can do the following:
• Map to a shared volume and directory on Small Business Server.
• Connect to a Small Business Server printer.
• Log on to Small Business Server and execute login scripts.
• Use Small Business Server applications and services.
More Information
For additional information about NetWare integration with Small Business Server 2000, refer to Appendix
B, "Migrating from a NetWare Environment."
UNIX Interoperability
Small Business Server 2000 integrates easily with an existing UNIX infrastructure. This helps lower
operating costs, increases resource utilization, and assures a smooth migration from legacy UNIX
environments. To facilitate the integration of UNIX environments with the Windows 2000 Server
application, Microsoft offers Services for UNIX. The components of this package include technologies for
resource sharing, remote administration, password synchronization, and common scripting across
platforms. Support for these technologies is described in the following sections with respect to the
network, data, application, and management layers.
Network Layer Interoperability

For basic integration with UNIX systems, Small Business Server 2000 includes support for industry-
standard protocols used by UNIX, such as TCP/IP, and Domain Name Service (DNS). These and other
common protocols found on UNIX systems are all included in the underlying Windows 2000 Server
operating system. The sections that follow describe the interoperability characteristics of Windows 2000
Server and UNIX at the network layer.
TCP/IP
Windows 2000 Server includes TCP/IP, the primary transport protocol for the Internet, intranets, and
homogeneous or heterogeneous networks. With TCP/IP built into its operating system, Windows 2000
Server can exchange data with both UNIX hosts and the Internet.
1
2
File Transfer and Hypertext Transfer Protocols
With File Transfer Protocol (FTP) and HTTP services, users can copy files across heterogeneous networks
and then manipulate them locally as text files or Microsoft Word documents.
Domain Name Service

The DNS is a set of protocols and services on a TCP/IP network that enables network users to employ
hierarchical user-friendly names to find other computers rather than using Internet Protocol (IP) addresses.
Windows 2000 Server has a built-in, standards-based DNS service. This enables the technology consultant
to easily migrate an existing DNS to the Windows 2000 Server DNS, or coexist with a non-Microsoft
DNS.
Dynamic Host Configuration and Boot Protocols

Dynamic Host Configuration Protocol (DHCP) configures a host during boot up on a TCP/IP network and
can change IP settings while the host is attached. This allows storage of IP addresses in a central database,
along with associated configuration information, including the subnet mask, gateway IP address, and the
DNS server IP address. Because DHCP for Windows 2000 Server is based on industry standards, requests
from any type of client platform using these standards are supported. The Microsoft DHCP server also
offers Boot Protocol (BOOTP) support, used for booting diskless workstations.
Network File System

The Network File System (NFS) is included in the Services for UNIX, an add-on that is purchased
separately, as a standard for sharing files and printers in the UNIX environment. The NFS client and server
software allows Windows 2000 Server users to access files on UNIX, and UNIX users to access files on
Windows 2000 Server.
Note Services for UNIX does not provide print services. Windows 2000 Server, however, includes native
line printer remote (LPR) and line printer daemon (LPD) UNIX print services. This printing support can
be installed through Print Services for UNIX (from the Control Panel, double-click the Add/Remove
Programs icon, click Add/Remove Windows Components, and then select Other Network File and
Printer Services).
Data Layer Interoperability

At the data layer, Windows 2000 Server includes support for data source interoperability with UNIX
systems, as described in the sections that follow.
Oracle Database Access

Microsoft Visual Studio® Enterprise Edition offers comprehensive support for Oracle 7.3 and later
databases running on UNIX platforms. Using Visual Studio, developers can visually build or edit data-
driven Web pages quickly from multiple data sources. In addition, developers can use Visual Studio to
build and edit stored procedures, database diagrams, triggers, and scripts.
1
2
Database Connectivity Tools
Open Database Connectivity (ODBC) is a software interface that separates data access from the data
sources, to make it easier to gain access to a database on a network. The ODBC database access interface
enables programmers to gain access to data from a diverse set of sources, using a standard series of
functions and commands. This means that application developers using ODBC can create applications that
connect to databases running on UNIX or Windows 2000 Server, and their application code will run
exactly the same way on either platform. With ODBC, developers avoid having to code to each specific
data source's requirements—efficiency that significantly increases productivity.
Object Linking and Embedding Database (OLE DB) takes ODBC a step further. While ODBC is designed
around accessing relational data sources using Structured Query Language (SQL), OLE DB is focused on
providing access to any data, anywhere.
Application Layer Interoperability

At the application layer, Windows 2000 Server supports interoperability with UNIX systems, as described
in the sections that follow.
Telnet
Users can access character-based UNIX applications through Windows 2000 Server support for remote
logon. By running terminal emulation software (Telnet) built into Windows 2000 Professional, Windows
Me, Windows 95, Windows 98, and Windows NT client operating systems, users can log on to a UNIX
timesharing server. After entering an authorized user name and password, users can access applications
residing on the remote UNIX system as if they were logged on locally.
Microsoft Internet Explorer for UNIX

Microsoft Internet Explorer for UNIX enables Web applications and Internet or intranet access to be
delivered to UNIX desktops, using the familiar Internet Explorer interface. Also, client/server applications
can be designed to operate within the browser, across multiple platforms.
Transaction Internet Protocol

Transaction Internet Protocol (TIP) is a standard two-phase commit protocol that enables a UNIX
transaction manager to coordinate distributed transactions. It can be used with any application protocol,
but is especially important for the Internet HTTP protocol.
Microsoft Transaction Server 2.0 and Oracle 7.3 Support

Microsoft Transaction Server (MTS) 2.0 is a component-based transaction processing system included
with Small Business Server. It combines the features of a transaction processing monitor and an object
request broker. MTS defines a programming model, provides a run-time environment, and is also a
graphical administration tool.
Microsoft has enhanced the Microsoft Oracle ODBC driver to work with MTS 2.0. In addition, Oracle 8i
supports the XA interface. As a result, Small Business Server users can access an Oracle database in a
coexisting UNIX operating environment and the database can participate in MTS-based transactions.
1
3
For example, users can update a Microsoft SQL Server database in Small Business Server and an Oracle
database on a UNIX system under a single atomic transaction. If the transaction commits, both databases
are updated. If the transaction quits, all work performed on each database is rolled back to a pre-
transaction state.
MTS interoperates with any Oracle platform accessible from Windows 2000, Windows NT, Windows Me,
or Windows 95 and Windows 98. Microsoft Distributed Transaction Coordinator (DTC) does not need to
be running on UNIX and other non-Windows 2000 platforms in order for an MTS component to update an
Oracle database.
MTS also works with Oracle version 8 databases. However, users must access the Oracle 8 database server
by using the Oracle 7.3 client. Also, the Microsoft Oracle ODBC driver supplied with MTS 2.0 must be
used with the Oracle database, because it is the only Oracle OBDC driver that works with MTS.
Distributed Component Object Model and UNIX

The Component Object Model (COM) is a Microsoft specification for developing distributed transaction-
based applications and defining the manner by which objects interact through an exposed interface.
Distributed Component Object Model (DCOM) extends the COM model and provides applications with a
way to interact remotely over a network.
Microsoft is working with partners to port DCOM onto UNIX and other platforms. This enables the
DCOM application programming interface (API) of Windows 2000 Server to appear on UNIX
servers. DCOM on a UNIX server enables consistent application behavior in a heterogeneous
environment of Windows 2000 and UNIX clients. By employing DCOM on UNIX, users can do the
following:
• Port DCOM server applications from Windows 2000 Server-based operating environments to UNIX
operating environments.
• Create wrappers for existing UNIX applications, providing DCOM access to the applications by clients
running Windows.
• Develop new distributed UNIX applications that take advantage of the DCOM distribution mechanism.
These applications can make the most of the DCOM reuse, version independence, and language
independence capabilities.
Management Layer Interoperability

At the management layer, Windows 2000 Server supports interoperability with UNIX systems, as
described in the sections that follow.
Simple Network Management Protocol

Simple Network Management Protocol (SNMP) service is included in Windows 2000 Server and
Windows 2000 Professional. This means that SNMP management software, such as Hewlett-Packard
OpenView and IBM NetView, can be used to manage Windows systems. Using these products, the
technology consultant can manage UNIX clients from the Windows 2000 Server operating system in
Small Business Server 2000.
1
3
Administrative Tools
Services for UNIX offers the following three features to simplify the administration of combined
Windows 2000 Server and UNIX networks:
• Password synchronization between Windows 2000 Server and UNIX servers. This reduces user
confusion and the technology consultant's workload.
• Telnet administration of both UNIX and the Windows 2000 Server operating system, including access to
network administration from a single client workstation.
• Korn Shell (a UNIX command line interface) and common UNIX commands, thus enabling UNIX shell
scripts to run on Windows 2000 Server. This means that UNIX administrators can use familiar UNIX
commands on Windows 2000 Server.
Macintosh Interoperability
Services for Macintosh is an integrated component of Windows 2000 Server that enables Windows and
Macintosh clients to collaborate and share information across the small business network. Macintosh users
can connect to a Windows 2000 Server in the same way that they connect to an AppleShare Server. The
service supports an unlimited number of simultaneous Apple Filing Protocol (AFP) connections to a
Windows 2000 Server, and the Macintosh sessions are integrated with Windows 2000 sessions. Windows
2000 Server is transparent to the Macintosh user—its presence is revealed only by the quick
responsiveness of the network.
Graphics Performance
In the past, Macintosh clients used UNIX servers to facilitate the heavy performance requirements of
moving large graphics files across a network. With optimization for high bandwidth networks, such as Fast
Ethernet and its full-featured functionality, Windows 2000 Server can handle the most demanding needs of
Macintosh users. Windows 2000 Server is also ideal for the publishing marketplace, because most of the
major server applications are already using it.
File Sharing
Services for Macintosh enables Macintosh users to access and share files on a Windows 2000 Server-
based network. The service includes a full AFP 2.0 file server. All Macintosh file system attributes, such
as resource data forks, are supported. As a file server, all filenames, icons, and access permissions are
intelligently managed. For example, a Word for Windows file appears on the Macintosh computer with the
correct Word for Windows icons. These applications can also be run from the file server as Macintosh
applications. When files are deleted, no orphaned resource forks remain to be cleaned up.
Macintosh-accessible volumes can be created in My Computer. Services for Macintosh automatically
create a Public Files volume at installation time. At the same time, Windows 2000 file and directory
permissions are translated into corresponding Macintosh permissions.
Printer Sharing
Services for Macintosh enables Macintosh users to gain access to and share printers on a Windows 2000
Server-based network. With Services for Macintosh, Macintosh users can gain access to the print server
1
3
through the Chooser dialog box, and can print PostScript jobs to either PostScript or non-PostScript
printers, using the Windows 2000 Server print services.
Administration
Services for Macintosh can be administered from Control Panel. It can also be started transparently,
provided that the technology consultant has configured the server to use the service.
Connecting Macintosh Computers to the Internet

Windows 2000 Server application, included with Small Business Server, has all the features necessary to
connect Macintosh clients to the Internet or corporate intranet. With built-in DHCP, Small Business Server
has full compatibility with Macintosh clients running Open Transport 1.1, allowing them to use
dynamically assigned IP addresses. For example, a Macintosh PowerBook can be moved anywhere in the
network with no disruption to network services.
Security
With Internet Security and Acceleration (ISA) Server 2000, which is included with Small Business Server,
Macintosh clients have fast and secure access to the Internet. Also, Services for Macintosh fully supports
and complies with Windows 2000 security. It presents the AFP security model to Macintosh users and
enables them to gain access to files on volumes that reside on compact discs or other read-only media. The
AFP server also supports both clear text and encrypted passwords at logon time.
Note The technology consultant has the option of configuring the server to not accept clear text passwords.
Interoperability Benefits of Services for Macintosh

The following table summarizes the interoperability benefits that Services for Macintosh, included in
Small Business Server, has for Macintosh users.
Table 20.1 Services for Macintosh Interoperability Benefits
Feature Benefit
Seamless connectivity for Macintosh users can access the Windows 2000 Server as easily as an
Macintosh users AppleShare Server, using the familiar Chooser dialog box.
High performance file and Macintosh users can make the most of Windows 2000 Server performance, with
print services its ability to move large graphics files faster than any other network operating
system.
Full-featured AppleTalk With its built-in Multi-Protocol Router, a Windows 2000 Server can replace a
routing dedicated AppleTalk router.
Universal printing Macintosh users can print PostScript jobs to either PostScript or non-PostScript
printers, using the Windows 2000 print server. Server-side spooling means a
faster return to the client application and increased user productivity.
The Windows 2000 print subsystem handles AppleTalk de-spooling errors and
uses the Windows 2000 Server built-in printer support. A PostScript-compatible
engine enables Macintosh users to print to any Windows 2000 printer as if they
1
3
Feature Benefit
are printing to a LaserWriter.
AppleTalk/PostScript Windows users can send print jobs to PostScript printers on an AppleTalk
printing for Windows users network, which provides them with access to more network resources.
A user interface in Services for Macintosh allows for publishing a print queue
on AppleTalk and for choosing an AppleTalk printer as a destination device.
User identification and Users can log on to Small Business Server from either a Windows PC or a
directory permissions Macintosh computer, using the same user identification. Windows 2000 Server
directory permissions for Macintosh users can be set in exactly the same way as
an AppleShare Server, eliminating the need for Macintosh users to learn a new
security model.
High volume capacity Macintosh users use a Windows 2000 Server NTFS volume.
Flexible server hardware Windows 2000 Server supports more hardware options than any other network
options operating system. Thus, Macintosh users can choose the server hardware
platform that best suits their needs, including PowerPC platforms.
-: Session 10:-
Exercise 1:-
Run the Recovery Console on a Computer that Does Not Start

NOTE: You must be logged on as an administrator or a member of the Administrators group to complete
the following procedure. Also, if your computer is connected to a network, network policy settings may
prevent you from completing this procedure.
To run the Recovery Console on a computer that does not start:

1. Insert the Windows 2000 Server Setup Disk 1 floppy disk into your disk drive, or, if you have a bootable
CD-ROM drive, you can instead insert the Windows 2000 Server CD-ROM into your CD-ROM drive.
2. Restart your computer.
3. Follow the directions that are displayed on the screen. If you are using the Setup disks, you are prompted
to insert the other Setup disks into the disk drive. It may take several minutes to load files. Select the
appropriate options to repair your Windows 2000 installation and to start the Recovery Console.
4. Once in the Recover Console, type HELP, and then press ENTER to see a list of commands.
NOTE: As an alternative, you can install the Recovery Console on your computer so it is always
available. See the "Precautionary Measures" section of this article for information about how to install the
Recovery Console on a working computer.
How to encrypt files and folders on a remote Windows 2000 Server
. Connect to the server that contains the files or folders that you want to encrypt.
2. Right-click the file or folder that you want to encrypt, and then click Properties.
3. On the General tab, click Advanced.
1
3
4. Click to select the Encrypt contents to secure data check box, click OK, and then click OK.
Note that if you encrypt a folder, you are prompted to confirm how you want to apply the attributes.
Click either of the following options, and then click OK:
• Apply to this folder only
• Apply changes to this folder, subfolders and files
5. Repeat steps 2 through 4 for each file or folder that you want to encrypt.
NOTE: The data is encrypted when it is stored on disk, not when it is sent across the network. When you
open an encrypted file over the network, the data that is transferred over the network is not encrypted. You
must use a network protocol such as Secure Sockets Layer/Private Communications Technology
(SSL/PCT) or Internet Protocol Security (IPSec) to encrypt data that is transmitted across a network.
Exercise 4:-
How to back up the recovery agent Encrypting File System (EFS) private key in Windows 2000, and in
Windows XP.
INTRODUCTION
This article describes how to back up the recovery agent Encrypting File System (EFS) private key in
Windows Server 2003, in Windows 2000, and in Windows XP. You can use the recovery agent's private
key to recover data in situations when the copy of the EFS private key that is located on the local computer
is lost.
You can use EFS to encrypt data files to prevent unauthorized access. EFS uses an encryption key that is
dynamically generated to encrypt the file. The File Encryption Key (FEK) is encrypted with the EFS
public key and is added to the file as an EFS attribute that is named Data Decryption Field (DDF). To
decrypt the FEK, you must have the corresponding EFS private key from the public-private key pair. After
you decrypt the FEK, you can use the FEK to decrypt the file.
If your EFS private key is lost, you can use a recovery agent to recover encrypted files. Every time that a
file is encrypted, the FEK is also encrypted with the Recovery Agent's public key. The encrypted FEK is
attached to the file with the copy that is encrypted with your EFS public key in the Data Recovery Field
(DRF). If you use the recovery agent's private key, you can decrypt the FEK, and then decrypt the file.
By default, if a computer that is running Microsoft Windows 2000 Professional is a member of a

workgroup or is a member of a Microsoft Windows NT 4.0 domain, the local administrator who first logs
on to the computer is designated as the default recovery agent. By default, if a computer that is running
Windows XP or Windows 2000 is a member of a Windows Server 2003 domain or a Windows 2000
domain, the built-in Administrator account on the first domain controller in the domain is designated as the
default recovery agent.
Note that a computer that is running Windows XP and that is a member of a workgroup does not have a
default recovery agent. You have to manually create a local recovery agent. The local administrator is not
always the default Encrypting File System recovery agent
Important After you export the private key to a floppy disk or other removable media , store the floppy
disk or media in a secure location. If someone gains access to your EFS private key, that person can gain
access to your encrypted data.
Export the recovery agent’s private key from a computer that is a member of a workgroup
To export the recovery agent’s private key from a computer that is a member of a workgroup, follow these
steps:
1. Log on to the computer by using the recovery agent’s local user account.
1
3
2. Click Start, click Run, type mmc, and then click OK.
3. On the File menu, click Add/Remove Snap-in, and then click Add.
4. Under Available Standalone Snap-ins, click Certificates, and then click Add.
5. Click My user account, and then click Finish.
6. Click Close, and then click OK.
7. Double-click Certificates - Current User, double-click Personal, and then double-click Certificates.
8. Locate the certificate that displays the words "File Recovery" (without the quotation marks) in the
Intended Purposes column.
9. Right-click the certificate that you located in step 8, point to All Tasks, and then click Export. The
Certificate Export Wizard starts.
10. Click Next.
11. Click Yes, export the private key, and then click Next.
12. Click Personal Information Exchange – PKCS #12 (.PFX).
Note We strongly recommend that you also click to select the Enable strong protection (requires IE
5.0, NT 4.0 SP4 or above check box to protect your private key from unauthorized access.
If you click to select the Delete the private key if the export is successful check box, the private key is
removed from the computer and you will not be able to decrypt any encrypted files.
13. Click Next.
14. Specify a password, and then click Next.
15. Specify a file name and location where you want to export the certificate and the private key, and then
click Next.
Note We recommend that you back up the file to a disk or to a removable media device, and then store
the backup in a location where you can confirm the physical security of the backup.
16. Verify the settings that are displayed on the Completing the Certificate Export Wizard page, and then
click Finish.
Export the domain recovery agent's private key

The first domain controller in a domain contains the built-in Administrator profile that contains the public
certificate and the private key for the default recovery agent of the domain. The public certificate is
imported to the Default Domain Policy and is applied to domain clients by using Group Policy. If the
Administrator profile or if the first domain controller is no longer available, the private key that is used to
decrypt the encrypted files is lost, and files cannot be recovered through that recovery agent.
To locate the Encrypted Data Recovery policy, open the Default Domain Policy in the Group Policy
Object Editor snap-in, expand Computer Configuration, expand Windows Settings, expand Security
Settings, and then expand Public Key Policies.
To export the domain recovery agent's private key, follow these steps:
1. Locate the first domain controler that was promoted in the domain.
2. Log on to the domain controller by using the built-in Administrator account.
3. Click Start, click Run, type mmc, and then click OK.
4. On the File menu, click Add/Remove Snap-in, and then click Add.
5. Under Available Standalone Snap-ins, click Certificates, and then click Add.
6. Click My user account, and then click Finish.
7. Click Close, and then click OK.
8. Double-click Certificates - Current User, double-click Personal, and then double-click Certificates.
9. Locate the certificate that displays the words "File Recovery" (without the quotation marks) in the
Intended Purposes column.
1
3
10. Right-click the certificate that you located in step 9, point to All Tasks, and then click Export. The
Certificate Export Wizard starts.
11. Click Next.
12. Click Yes, export the private key, and then click Next.
13. Click Personal Information Exchange – PKCS #12 (.PFX).
Note We strongly recommend that you click to select the Enable strong protection (requires IE 5.0,
NT 4.0 SP4 or abovecheck box to protect your private key from unauthorized access.
If you click to select the Delete the private key if the export is successful check box, the private key is
removed from the domain controller. As a best practice, we recommend that you use this option. Install
the recovery agent's private key only in situations when you need it to recover files. At all other times,
export, and then store the recovery agent's private key offline to help maintain its security.
14. Click Next.
15. Specify a password, and then click Next.
16. Specify a file name and location where you want to export the certificate and the private key, and then
click Next.
Note We recommend that you back up the file to a disk or to a removable media device, and then store
the backup in a location where you can confirm the physical security of the backup.
17. Verify the settings that are displayed on the Completing the Certificate Export Wizard page, and then
click Finish.
Exercise 6:-
Cannot Print to a Network Printer After Adding Internet Connection Sharing

After you add Internet Connection Sharing to the network, you cannot print. This problem occurs because
Connection Sharing uses a Class C subnet with an address range of 198.168.0.x. To fix this issue, reset the
IP address of the printer to match the subnet of the computers that are using Connection Sharing.
Cannot Send a Print Job to a Windows 98 Client

You cannot send a print job to a Windows 98-based client that is using a password for the printer share
from Window 2000. To resolve this issue, use the following command:
net use LPT1 \\computer\printerpassword /persistent:yes
Replace computer with the computer name of the Windows 98-based computer that is sharing the printer,
replace printer with the name of the printer share, and replace password with the password for the share.
Error Messages Typically Caused by Local Port Monitor Problems

When you restart the computer or restart the Print Spooler service, you receive the following error
message:
Spoolsv.exe failed to start
When you open the printer's properties, you receive the following error message
Out of Resources Error
When you try to print a document, you receive an "Access violation" (Dr. Watson) error message. The Dr.
Watson log points to Spoolsv.exe with error code C0000005.
You receive the following error message, and the print spooler stops:
The instruction at 'address' referenced memory at 'address'. The memory could not be read.
Attempting to restart the Print Spooler service or open the Printers folder causes the same message.
These problems may occur if the default local port monitor is changed by a third-party program. Fixing
these problems requires editing the registry.
1
3
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to
reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from
using Registry Editor incorrectly. Use Registry Editor at your own risk.
1. Start Registry Editor.
2. Locate the Local Port value under the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port
3. Double-click the Driver subkey, and then edit the value. Change the string value to Localspl.dll, and
then click OK.
4. Check the following registry key for third-party monitors. Remove any non-default monitors:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors
The default port monitors are:
AppleTalk Printing Devices (When Services for Macintosh is installed)
BJ Language Monitor
Local Port
PJL Language Monitor
Standard TCP/IP Port
USB Monitor
Windows NT Fax Monitor
** LPR Port
NOTE: Do not remove LPR Port Monitor unless advised by a Microsoft Support Professional.
5. Check the following registry key for third-party print providers. Remove any non-default print
providers:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers
The default print providers are:
Internet Print Provider
LanMan Print Services
6. Check the following registry key for third-party print processors. Remove any non-default print
processors:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT
x86\Print Processors
The default print processor is:
WinPrint
To find out what printer is using the print processor, use the Microsoft Product Support Reporting Tool
(MPS_REPORTS) tool to open MachineName_PRINTDRIVERS.TXT, and then search for the third-
party print processor and for the queues that are using the print processor.
7. Change the third-party print processor to WinPrint.
9. Double-click Printers, right-click the printer, and then click Properties.
10. On the Advanced tab, click Print Processor.
11. In the Print Processor box, click WinPrint.
12. Click OK two times.
13. Quit Registry Editor.
After you edit the registry, restart the print spooler. To do so, start Microsoft Management Console
(MMC) and add the Computer Management or the Services snap-in. Right-click Print Spooler Service,
and then click Start.
Exercise 9:-
SYMPTOMS
1
3
When you use a dial-up remote access service (RAS) connection to browse the Internet or to connect to a
corporate network, your computer may stop responding (hang) and return a Stop error (an error on a blue
screen) similar to the following:
STOP: 0x0000000A (0xC104027E, 0x00000002, 0x00000000, 0x804A5DE6)
IRQL_NOT_LESS_OR_EQUAL
CAUSE
This problem may be caused by the Winacpci.sys driver that is supplied by your modem manufacturer. For
additional information about the Winacpci.sys driver, please contact your modem manufacturer.
RESOLUTION
To resolve this issue, disable the Winacpci.sys driver by using the Recovery Console. To do so, follow
these steps:
1. Start your computer with the Windows 2000 boot disks, or with the Windows 2000 CD-ROM if your
computer can start from the CD-ROM drive.
2. In the Welcome to Setup screen, press R to repair the Windows 2000 installation.
3. In the Windows 2000 Repair Options screen, press C to use the Recovery Console.
4. Select the Windows installation that you want to log on to by typing the number of the installation and
then pressing ENTER.
5. Type the Administrator password for your computer, and then press ENTER.
6. At the prompt, type cd system32, and then press ENTER.
7. Type listsvc, and then press ENTER.
8. Locate the Winacpci.sys driver in the list that is provided.
WARNING: Make sure that you locate the Winacpci.sys driver in the list that is provided. Using the
wrong file in the following steps may result in more problems.
9. Type disable Winacpci.sys, and then press ENTER.
NOTE: The Disable command prints the old start_type values of the service before it resets the service
to SERVICE_DISABLED. Record the old start_type information, in case you have to restore the
service later.
10. Type exit.
The computer restarts automatically. Allow the computer to start normally.
WORKAROUND
The Winacpci.sys driver that this article mentions comes from the modem manufacturer. To possibly work
around this problem, use the Windows 2000 version driver. Windows 2000 includes the Winacpci.sys
driver in the I386\driver.cab file with a date of Friday, September 24, 1999, 11:55:30 PM.
To use the Windows 2000 Winacpci.sys driver, follow these steps:

1. Right-click My Computer, and then click Manage.
2. Click Device Manager, locate the modem, and then right-click it.
3. Click Update Driver.
Follow the on-screen instructions. Windows finds and installs the driver from the Windows 2000 CD.
Exercise 7
How to enable / disable call waiting on computer.
1
3
Cause:
You may want to enable call waiting for users with one phone line. This will disconnect the computer
from the phone line when a call comes through.
It may be required that call waiting be disabled to ensure it is not causing the computer modem to not
function.
Solution:
To enable call waiting:
Before attempting to enable call waiting you must ensure that the phone company has enabled this extra
feature on your phone line. If this feature is enabled and the phone line does not have this feature it is
likely that the modem will not work. Below are steps for Windows 95 and 98 users to ensure that call
waiting is not enabled on the computer.
1. Click Start / Settings / Control Panel

2. Double click Modems within Control Panel
3. Click the dialing properties button
4. Verify that the box for 'disable call waiting' is not checked.
To disable call waiting:
The following are steps on how to disable call waiting. It is important to remember if you have one phone
line and disable call waiting no one will be able to reach you.
MS-DOS and Windows 3.x users can enable call waiting by following the below steps:
1. When dialing a BBS or Internet number place one of the following prefix codes in front
of the phone number. Generally this is *70 however may vary in your area.
The available numbers are:
*70
#70
1170
To separate this number and the phone number generally a comma is required. The
following is an example of what this may look like:
*70,18011231234
Windows 95 / 98 users can disable call waiting by following the below steps:
1. Click Start / Settings / Control Panel

2. Double click Modems within Control Panel
3. Click the dialing properties button
4. Check the box to disable call waiting
5. Select the appropriate code to disable call waiting, generally this code is *70
Exercise 2:- Troubleshoot the “NTLDR is missing “ Error Message in machine.
This problem may occur if the basic input/output system (BIOS) on your computer is outdated, or if one or
more of the following Windows boot files are missing or damaged:
1
4
Ntldr
Ntdetect.com
Boot.ini
To resolve this issue, verify that the BIOS on your computer is current, and then use one or more of the
following methods, as appropriate to your situation, to repair the Windows 2000 startup environment.
IMPORTANT: Microsoft recommends that you fully back up your data on a regular basis. This is the best
defense against data loss, and it must be a part of any disaster recovery plan.
Verify That the BIOS on the Computer Is Current

Make sure that the latest revision for BIOS is installed on the computer. Contact the computer
manufacturer to inquire about how to obtain, and then install the latest BIOS update that is available for
the computer.
For information about how to configure and how to verify the correct BIOS settings for the computer, see
the computer documentation or contact the manufacturer of the computer.
To repair the Windows startup environment, use one or more of the following methods, as
appropriate to your situation.
Method 1: Use a Boot Disk to Start the Computer

1.
2. Create a Windows 2000 boot disk that contains the following files:
Ntldr
Ntdetect.com
Boot.ini
Ntbootdd.sys
3. Modify the Boot.ini file to point to the correct hard disk controller and to the correct volume for your
Windows installation.
4. Insert the boot disk into the computer's floppy disk drive, and then restart the computer.
5. Copy the Ntldr file, the Ntdetect.com file, and the Boot.ini file from the boot disk to the system partition
of the local hard disk.
Method 2: Use the Recovery Console
1. Use the Windows 2000 Setup disks to restart the computer, or use the Windows 2000 CD-ROM to
restart the computer.
2. At the Welcome to Setup screen, press R to repair the Windows 2000 installation.
3. Press C to repair the Windows 2000 installation by using the Recovery Console.
4. Type the number that corresponds to the Windows installation that you want to repair, and then press
ENTER. For example, type 1, and then press ENTER.
5. Type the Administrator password, and then press ENTER.
6. Type map, and then press ENTER. Note the drive letter that is assigned to the CD-ROM drive that
contains the Windows 2000 CD-ROM.
7. Type the following commands, pressing ENTER after you type each one, where drive is the drive letter
that you typed in step 4 of "Method 2: Use the Recovery Console," of this article:
copy drive:\i386\ntldr c:\
copy drive:\i386\ntdetect.com c:\

If you are prompted to overwrite the file, type y, and then press ENTER.
NOTE: In these commands, there is a space between the ntldr and c:\, and between ntdetect.com and
1
4
c:\.
8. Type the following command, and then press ENTER:
type c:\Boot.ini
A list similar to the following list appears:
[boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINNT [operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
If you receive the following message, the Boot.ini file may be missing or damaged:
The system cannot find the file or directory specified.
9. If the Boot.ini file is missing or damaged, create a new one. To do so, follow these steps:
a. Use a text editor, such as Notepad or Edit.com, to create a boot loader file similar to the following
boot loader file:
[boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINNT [operating

systems] multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional"
/fastdetect
b. Save the file to a floppy disk as Boot.ini.
NOTE: If you used Notepad to create the file, make sure that the .txt extension is not appended to
the Boot.ini file name.
c. Type the following command at the Recovery Console command prompt to copy the Boot.ini file
from the floppy disk to the computer:
copy a:\Boot.ini c:\
10. Type exit, and then press ENTER. The computer restarts.
Method 3: Use the Windows 2000 CD-ROM

1. Insert the Windows 2000 CD-ROM into the computer's CD-ROM drive or DVD-ROM drive, and start
Windows 2000 Setup.
2. On the Welcome to Setup page, press R.
3. On the Windows 2000 Repair Options page, press R.
4. When you are prompted to select one of the repair options, press M.
5. Press the UP ARROW, press the UP ARROW again, to select Verify Windows 2000 system files, and
then press ENTER to clear the selection.
6. Press the DOWN ARROW to select Continue (perform selected tasks), and then press ENTER. The
following message appears:
You need an Emergency Repair disk for the Windows 2000
installation you want to repair.
7. Do one of the following, as appropriate to your situation:
• If you have an Emergency Repair Disk, follow these steps:
-or-
• If you do not have an Emergency Repair Disk, follow these steps:
If Setup Cannot Locate Windows 2000

If you do not have a Windows 2000 Emergency Repair Disk, and if Setup cannot locate the Windows
2000 installation, follow these steps:
1. Start Windows 2000 Setup.
1
4
2. On the Setup will install Windows 2000 on partition page, select Leave the current file system
intact (no changes), and then press ENTER.
3. Press ESC to install Windows 2000 to a new folder.
4. In the Select the folder in which the files should be copied box, type \tempwin, and then press
ENTER.
Setup installs a new copy of Windows 2000.

5. Log on to the new copy of Windows 2000.
6. Click Start, and then click Run.
7. In the Open box, type cmd, and then click OK.
8. At the command prompt, type drive:, where drive is the boot drive of the computer, and then press
ENTER. For example, type c:, and then press ENTER.
9. Type attrib -h -r -s Boot.ini, and then press ENTER.
10. Type edit Boot.ini, and then press ENTER.
Edit.com opens a Boot.ini file that is similar to the following file:
[boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\TEMPWIN [operating

systems] multi(0)disk(0)rdisk(0)partition(1)\TEMPWIN="Microsoft Windows 2000 Professional"
/fastdetect
11. Replace all instances of TEMPWIN with WINNT. The Boot.ini file that appears is similar to the
following file:
[boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINNT [operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
12. Press ALT+F, and then press S.

13. Press ALT+F, and then press X.
14. Type attrib +h +r +s Boot.ini, and then press ENTER.
15. Type exit to quit the command prompt.
16. Restart the computer.
17. At the Please select the operating system to start screen, use the ARROW keys to select Microsoft
Windows 2000, and then press ENTER.
18. Start Windows Explorer, locate the following folders, and then delete them:
Tempwin
All Users.Tempwin
1
4
DATABASE MANAGEMENT
SYSTEM
(DBMS)
1
4
Session 1
Step1: CREATE table Employee;
Step2: CREATE table Department;
1
4
Step3: CREATE table Department_Location;
Step4: CREATE table Project;
Step5: CREATE table Works_on;
1
4
Step6: CREATE table Dependent;
Queries: 1. List the Department wise details of all the employees

 SELECT Department.Dept_no, Department.Dept_name, Department_Location.Dept_location,
Employee.Employee_id, Employee.First_name, Employee.Last_name FROM (Department INNER JOIN
Department_Location ON Department.Dept_no = Department_Location.Dept_no) INNER JOIN Employee
ON Department.Dept_no = Employee.Dept_no ORDER BY Department.Dept_no;
2. Find out all those departments that are located in more than one location.
 SELECT [Department].[Dept_name], [Department].[Dept_no], [Department_Location].[Dept_location] FROM
Department INNER JOIN Department_Location ON [Department].[Dept_no] = [Department_Location].
[Dept_no] WHERE ((([Department].[Dept_name])="CPMU"));
1
4
3. Find the list of projects.
 SELECT [Project].[Proj_name], [Project].[Proj_no] FROM Project ORDER BY [Project].[Proj_no];
4. Find out the list of employees working on a project.

 SELECT Employee.Employee_id, Employee.First_name, Employee.Last_name, Project.Proj_no,
Project.Proj_name FROM (Employee INNER JOIN [Works-on] ON Employee.Employee_id = [Works-
on].Employee_id) INNER JOIN Project ON [Works-on].Proj_no = Project.Proj_no WHERE
(((Project.Proj_no)=310)) ORDER BY Employee.Employee_id;
5. List the dependents of the employee whose employee id is ‘111’.

 SELECT Employee.Employee_id, Employee.First_name, Employee.Last_name,
Dependent.Dependent_name, Dependent.Relationship FROM Employee INNER JOIN Dependent ON
Employee.Employee_id = Dependent.Employee_id WHERE (((Employee.Employee_id)=111));
1
4
Session 2
Step1: CREATE table BookRecords;
Step2: CREATE table Books;
Step3: CREATE table Members;
1
4
Step4: CREATE table BookIssue;
Queries: Display the structure of the tables.
1
5
Query 5 a): Get the list of all books (No need to find the no. of copies)
 SELECT * FROM Books;
1
5
Query 5 b): Get the list of all members
 SELECT [Member_Name] FROM Members;
Query 5 c): Get the Accession no of the books, which are available in the library
 SELECT BookIssue.AccNumber FROM BookIssue WHERE (((BookIssue.IssueDate) Is Null));
Query 5 e): List the books issued on 01-Jan-2005

SELECT [BookIssue].[AccNumber], [BookIssue].[IssueDate] FROM BookIssue WHERE ((([BookIssue].
[IssueDate])=#1/1/2005#));
Query 5 f): Get the list of all books having price greater than Rs. 500/-
 SELECT Books.ISBN_No, Books.Author, Books.Publisher, Books.Price FROM Books WHERE
(((Books.Price)>500));
1
5
Query 5 g): Get the list of members who did not have any books issued at any time
 SELECT Members.Member_Name FROM BookIssue INNER JOIN Members ON BookIssue.Member_id =
Members.Member_id WHERE (((BookIssue.IssueDate) Is Null));
Query 5 h): Get the list of members who have not returned the book
 SELECT BookIssue.Member_id, Members.Member_Name FROM BookIssue INNER JOIN Members ON
BookIssue.Member_id = Members.Member_id WHERE (((BookIssue.ReturnDate) Is Null) AND
((BookIssue.IssueDate) Is Not Null));
Query 5 i): Display member ID and the list of books that have been issued to him/her from time to time
 SELECT BookIssue.Member_id, BookIssue.IssueDate, BookIssue.AccNumber FROM BookIssue WHERE
(((BookIssue.IssueDate) Is Not Null)) ORDER BY BookIssue.Member_id, BookIssue.IssueDate;
Query 5 j): Find the number of copies of each book (A book accession no would be different but ISBN no would be
the same)
1
5
 SELECT Count(BookRecords.AccNumber) AS CountOfAccNumber, BookRecords.ISBN_No FROM
BookRecords GROUP BY BookRecords.ISBN_No ORDER BY BookRecords.ISBN_No;
Query 5 k): Find the number of copies available of a book of given ISBN no.
(Here we assume the ISBN No = 265498)
 SELECT QSes2_5j.CountOfAccNumber, QSes2_5j.ISBN_No FROM BookRecords, QSes2_5j GROUP BY
QSes2_5j.CountOfAccNumber, QSes2_5j.ISBN_No HAVING (((QSes2_5j.ISBN_No)="265498"));
Session 4:
CREATE table Customer;
Queries: b) Print the entire customer table.

 SELECT * from Customer;
1
5
d) Find the customer belonging to area ‘abc’.
 SELECT [Customer].[Name], [Customer].[Area] FROM Customer WHERE ((([Customer].[Area])="abc"));
e) Delete record where area is NULL.

 DELETE Customer.Area from Customer WHERE ((Customer.Area)Is Null));
f) Display all records in increasing order of name.
 SELECT Customer.Name, Customer.Customer_id, Customer.Area, Customer.Phone FROM Customer

ORDER BY Customer.Name;
1
5
g) Create table temp from customer having customer-id, name and area field only.
 SELECT Customer.Customer_id, Customer.Name, Customer.Area INTO temp FROM Customer;
h) Display area and number of records within each area (Use Group by clause).
 SELECT Count(Customer.Area) AS CountOfArea, Customer.Area FROM Customer GROUP BY
Customer.Area;
1
5
JAVA PROGRAMMING
1
5
1. class Acc
{
String name,acct_type,address;
float initial_amt,curr_bal;
int acct_no;
Acc(String n,int an,float in)
{
name=n;
acct_no=an;
initial_amt=in;
}
Acc(String n,int an,String a,String at,float c)
{
1
5
name=n;
acct_no=an;
address=a;
acct_type=at;
curr_bal=c;
}
void deposit()
{
float deposit=500;
}
void withdraw()
{
float withdraw=200;
}
void get_balance()
{
// float bal=(deposit-withdraw);
// return bal;
}
}
class Account
{
public static void main(String args[])
{
Acc r=new Acc("yamini",7097,500);

Acc r1=new Acc("prasanna",7098 ,"rvcolony","savings",1000);
r.deposit();
r.withdraw();
//bal1=r.get_balance();
r1.deposit();
r1.withdraw();
r1.get_balance();
System.out.println("\tName="+r.name+"\tAccount number="+r.acct_no+"\tInitial amount
"+r.initial_amt); System.out.println("\tName="+r1.name+"\tAccount
number="+r1.acct_no+"\tAddress="+r1.address);
System.out.println("\tAccount type="+r1.acct_type+"\tCurrent balance="+r1.curr_bal);
//System.out.println("Balance is="+bal1);
}
}
2.
class Area
{
{
double h=12.0,w=5.0;
double area=(h*w);
1
5
System.out.println("The area of a rectangle is" +area);
}
}
3.
class Avg{
public static void main (String args[]){
double m1=82;
double m2=65;
double m3=90;
double m4=73;
double avg=(m1+m2+m3+m4)/4;
System.out.println("The average of four subjects:"+avg);
}
}
4.
class Break {
public static void main(String args[]){
int i=0;
System.out.println("This is to illustrate break statement");
while(i<100){
if(i==10) break;
System.out.println("i:"+i);
i++;
}
System.out.println("Loop complete");
System.out.println("This is to illustrate continue statement");
outer: for(i=0;i<10;i++){
for(int j=0;j<10;j++){
if (j>i){
System.out.println();
continue outer;
}
System.out.println(" "+(i*j));
}
}
}
}
5.
public class Byzero
{
{
1
6
int b=100,res=0;
int a[]={0,1,2,5,0,25,0,50,0};
for (int i=0;i<9;i++)
{
try
{
res=res+(b/a[i]);
System.out.println(" "+res);
}
catch (ArithmeticException e)
{
a[i]=1;
}
}
}
}
6.
public class Enonnumeric

{
{
int sum=0;
int invalid=0;
for(int i=0;i<args.length;i++)
{
try
{
sum+=Integer.parseInt(args[i]);
}
catch(NumberFormatException e)
{
invalid++;
}
}
System.out.println("Total number of arguments:"+args.length);
System.out.println("Invalid numbers:"+invalid);
System.out.println("Sum:"+sum);
}
}
7.
class Exam{
throws java.io.IOException{
1
6
int m1[]=new int[2];
System.out.println("Enter 2 elements");
for(int i=0;i<2;i++){
m1[i]=(int) System.in.read ();
System.out.println( );
}
for(int. i=0;i<2;i++)
System.out.print(m1[i]+" ");
}
8.
import java.util.*;
public class Except
{
{
int a[]={1,2,3,4,5,6,7,8,9,1,7,8,9,0};
int num=0;
for (int i=0;i<20;i++)
{
try
{
System.out.println(" "+a[i]);
}
catch(ArrayIndexOutOfBoundsException e)
{
num++;
}
}
System.out.println("Index has been out of bounds by:"+num);
}
}
9.
class Expression
{
{
byte a=10,b=5;
int c,d,e,f;
c=(a<<2)+(b>>2);
d=(a)|(b>0);
e=(a+b*100)/10;
1
6
f=(a&b);
System.out.println("(a<<2)+(b>>2)="+c);
System.out.println("(a)|(b>0)="+d);
System.out.println("(a+b*100)/10=" +e);
System.out.println("a&b=" +" "+f);
}
}
10.
//create a super class

class A
{
int i;
private int j;
void setij(int x,int y)
{
i=x;
j=y;
}
}
class B extends A
{
int total;
void sum()
{
total=i+j;
}
}
class Inh1
{
{
B obj=new B();
obj.setij(10,12);
obj.sum();
System.out.println("Total is="+obj.total);
}
}
11.
import java.io.*;
public class Matrix
{
public static int readInt() throws IOException
{
1
6
BufferedReader b =new BufferedReader(new InputStreamReader(System.in));
int i=Integer.parseInt(b.readLine());
return i;
}
public static void main(String args[]) throws IOException

{
int m1[][]=new int[2][3];
System.out.println("Enter the 6 numbers");

for(int i=0;i<2;i++)
for(int j=0;j<3;j++)
m1[i][j]=readInt();
{
{
System.out.print("\t "+m1[i][j]);
}
}
System.out.println("Enter the 6 numbers");

m2[i][j]=readInt();
}
}
{
{
m3[i][j]=0;
for(int k=0;k<3;k++)
m3[i][j]=m3[i][j]+m1[i][k]*m2[k][j];
}
}
System.out.println("The product of two matrices is:");

1
6
}
}
}
}
12.
class Player
{
String name;
Player(String nm)
{
name=nm;
}
}
class Cricket_player extends Player
{
Cricket_player(String nm)
{
super(nm);
}
void play()
{
System.out.println("play cricket:"+name);
}
}
class Football_player extends Player
{
Football_player(String nm)
{
super(nm);
}
void play()
{
System.out.println("play Football:"+name);
}
}
class Hockey_player extends Player

{
Hockey_player(String nm)
{
1
6
super(nm);
}
void play()
{
System.out.println("play hockey:"+name);
}
}
class Player1
{
{
Cricket_player c=new Cricket_player("sachin tendulkar");

Football_player f=new Football_player("peley");
Hockey_player h=new Hockey_player("Helen mary");
c.play();
f.play();
h.play();
}
}
13.
class Rect
{
double width,length,area;
String colour;
void set_length(double x)
{
length=x;
}
void set_width(double y)
{
width=y;
}
String set_colour(String z)
{
colour=z;
return colour;
}
double find_area()
{
area=length*width;
System.out.println("Area of rectangle="+area);
1
6
return area;
}
}
class Rectangle
{
{
double area1, area2;

String st1,st2;
Rect r1=new Rect();
Rect r2=new Rect();
r1.set_length(5.0);
r1.set_width(6.0);
st1=r1.set_colour("blue");
area1=r1.find_area();
r2.set_length(5.0);
r2.set_width(6.0);
st2=r2.set_colour("green");
area2=r2.find_area();
if ((area1==area2) && st1.equals(st2))
{
System.out.println("Matching rectangles");
}
else
{
System.out.println("Non matching rectangles");
}
}
}
14.
abstract class Worker

{
public String name;
public double sal_rate,pay;
int hours;
Worker(String nm,double sr)
{
name=nm;
sal_rate=sr;
}
abstract void compay();
class Daily_worker extends Worker
1
6
{
int days_worked;
Daily_worker(String nm,double sr,int dw)
{
super(nm,sr);
days_worked=dw;
}
void compay()
{
pay=days_worked*sal_rate;
System.out.println("\t Name:"+name+ "\tsalary per day"+sal_rate+"\tpay per week"+pay);
}
}
class Salaried_worker extends Worker
{
Salaried_worker(String nm,double sr)
{
super(nm,sr);
}
void compay()
{
pay=(40*sal_rate);
System.out.println("\t Name:"+name+ "\tsalary per hour:"+sal_rate+"\tpay per week:"+pay);
}
}
public class Salary

{
{
Daily_worker d=new Daily_worker("ramesh" ,50.0 ,6);

Salaried_worker s=new Salaried_worker("das",20.0);
d.compay();
s.compay();
}
}
15.
class Strin1
{
public class void main(String args[])
{
1
6
int cnt=0;
String s="yaminiprasanna";
System.out.println("The length of the string is:"+s.length());
int len=s.length();
for (int i=0;i<len;i++)
{
if (Character.a(s.charAt(i))
{
System.out.println("a is at the position :"i);
cnt++;
}
else
System.out.println("a is not present in the string");
}
System.out.println("a has occured "+cnt+"times");
}
}
16.
class Strin1
{
{
int cnt=0;
Character s1=new Character('a');
String s="yaminiprasanna";
System.out.println("The length of the string is:"+s.length());
int len=s.length();
for (int i=0;i<len;i++)
{
Character s2=new Character(s.charAt(i));
if ( s1.equals(s2))
{
System.out.println("a is at the position :"+i);
cnt++;
}
}
System.out.println("a has occured "+cnt+"\ttimes"); }}
17.
public class Strin3
1
6
{
{
String s="I am studying in ignou at bangalore";
System.out.println("First occurence of character 'a' is at position:"+s.indexOf('a'));
System.out.println("Last occurence of character 'a' is at position:"+s.lastIndexOf('a'));
}
}
18.
import java.io.*;
public class Strin4
{
public static void main(String args[]) throws IOException
{
String var,var1;
BufferedReader str=new BufferedReader(new InputStreamReader(System.in));
System.out.println("Enter any statement");
var=str.readLine();
var1=var.toUpperCase();
System.out.println("The statement in uppercase is\n"+var1);
}
}
19.
import java.io.*;
class Sumdigits{
throws IOException{
BufferedReader br=new BufferedReader(new InputStreamReader(System.in));
String str;
int num,rem;
int sum=0;
System.out.println("Enter a 5 digit number");

str=br.readLine();
num=Integer.parseInt(str);
while(num>0){
rem=num%10;
sum=sum+rem;
num=num/10;
}
System.out.println("The sum of the digits"+sum);
}
1
7
}
20.
class Fivetable extends Thread

{
public void run()
{
for (int i=1;i<=5;i++)
System.out.println("5 *"+i+"="+(5*i));
}
}
class Sixtable extends Thread
{
public void run()
{
}
}
class Seventable extends Thread
{
public void run()
{
}
}
class Eighttable extends Thread
{
public void run()
{
}
}
class Ninetable extends Thread
{
public void run()
{
}
}
public class Thr1

{
public static void main(String args[]) throws InterruptedException
1
7
{
Fivetable f=new Fivetable();
Sixtable s=new Sixtable();
Seventable se=new Seventable();
Eighttable e=new Eighttable();
Ninetable n=new Ninetable();
f.setPriority(7);
s.setPriority(2);
se.setPriority(10);
e.setPriority(5);
n.setPriority(8);
f.sleep(1500);
if (f.isAlive())
System.out.println("Thread 5 is alive");
else
System.out.println("Thread 5 is not alive");
s.start();
if (s.isAlive())
else
se.sleep(1000);
if (se.isAlive())
else
e.start();
if (e.isAlive())
else
n.start();
if (n.isAlive())
else
}
}
21.
abstract class worker
1
7
{
String name;
double sal_rate;
worker(String nm,double sr);
{
name=nm;
sal_rate=sr;
}
abstract void compay()
}
class Daily_worker extends worker
{
int days_worked;
Daily_worker(String nm,double sr,int dw)
{
super(nm,sr);
days_worked=dw;
}
void compay()
{
double pay=(days_worked*sal_rate)
System.out.println("\t Name:"+name+ "\tsalary per day"+sal_rate+"\tpay per week"+pay);
}
}
class Salaried_worker extends worker
{
Daily_worker(String nm,double sr)
{
super(nm,sr);
}
void compay()
{
double pay=(40*sal_rate)
System.out.println("\t Name:"+name+ "\tsalary per hour"+sal_rate+"\tpay per week"+pay);
}
}
1
7
1
7

Master of Computer Applications1

Enviado por

Dados do documento

Descrição original:

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Master of Computer Applications1

Enviado por

Direitos autorais:

Formatos disponíveis

MASTER OF COMPUTER APPLICATIONS

SCHOOL OF COMPUTER AND INFORMATION SCIENCES

This is to certify that Ms…………………………..

has satisfactorily completed the course of experiments in

prescribed by the IGNOU university 2sem MCA course in

the laboratory of this college in the year 2005.

Date: Signature of Lab

Name of the candidate:

1. PROGRAM TO FIND THE MULITIPLICATION OF TWO MATRICES

2. PROGRAM TO ACCEPT 10 STRINGS AS INPUT & PRINT IN LEXICOGRAPHICORDER

4. PROGRAM TO CONCATENATE TWO STRINGS S1 & S2

1. PROGRAM TO FIND THE STUDENT INFORMATION & PRINT THE STUDENT

SESSION 3: LINKED LISTS

1. PROGRAM FOR THE CREATION & DELETION OF A LIST USING POINTERS.

b) DOUBLY LINKED LIST:

printf("\n Enter the enrollment number to be deleted \n");

del=(struct info*)malloc(sizeof (struct info));

c) CIRCULARLY LINKED LISTS:

printf("\n Enter the enrollment number to be deleted \n");

struct info *temp,*disp,*head;

1. PROGRAM TO CONVERT A PREFIX EXPRESSION TO A POSTFIX USING POINTERS

void push(char item[],int *top,char s[][20])

void *pop(int *top,char s[][20])

void pre_post(char prefix[],char postfix[])

2. PROGRAM TO REVERSE AN INPUT STRING

char pop(int *top,char s[])

int is_rev(char str[])

SESSION-6: TREES & BINARY TREES

1. PROGRAM FOR THE CREATION OF BINARY TREE, PROVIDE INSERTION& DELETION.

2. PROGRAM FOR PRE-ORDER,POST-ORDER & IN-ORDER TRAVERSALS OF A BINARY

void ins(struct node *n,int val,int opt)

void inser(struct node *t,int x)

void inorder(struct node *p)

void preorder(struct node *p)

void postorder(struct node *p)

case 4: printf("\n The postorder elements are\n");

SESSION-9: SEARCHING & SORTING

1. PROGRAM TO IMPLEMENT LINEAR SEARCH USING POINTERS.

2. PROGRAM TO IMPLEMENT BINARY SEARCH USING POINTERS.

void sort(int first,int last)

4. PROGRAM TO IMPLEMENT HEAP SORT USING POINTERS.

5. PROGRAM TO IMPLEMENT 2-WAY MERGE SORT USING POINTERS.

6. PROGRAM TO IMPLEMENT BUBBLE SORT USING POINTERS.

NET [ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |

Interface: 10.115.4.157 --- 0x10003

netsh interface ip show config

(/24 means 255.255.255.0 )

1. In the Run command type Regedit.exe and press Enter.

NETSH (Win2k &standard command in XP)

Configure interfaces, routing protocols, filters, routes, RRAS, .

Under Windows XP the available contexts are:

To display a list of commands that can be used in a context, type the

command may be any of:

/popd Pop a context from the stack.

/pushd Push current context onto the stack.

/set mode [mode =] online | offline

/abort Discard changes made in offline mode.

/add helper DLL-name

/show alias list all defined aliases.

/alias List all aliases.

/alias [alias_name] [string1] [string2 ...]

/dump - file name

struct info temp,disp,*head;

void pop(int top,char s[][20])