(MCA)
Name:
Enrolment no:
Semester:
Subject:
1
NAME OF THE STUDY CENTER
BMS College of Engineering,Bangalore.
Laboratory Certificate
………………………………………………practical
Enrollment no:
2
Examination center:
DATA STRUCTURES
3
SESSION-1: ARRAYS
#include<stdio.h>
# define size 10
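void main()
{
    /*
     * Reads two integer matrices and prints their product.
     * All three matrices live in fixed size x size arrays, so the orders
     * typed by the user are range-checked before they bound any loop;
     * without the check an order above `size` writes past the arrays.
     */
    int r1,c1,r2,c2,i,j,k,x[size][size],y[size][size];
    int m[size][size];
    clrscr();
    printf("Enter the order of 1st matrice\n");
    if (scanf("%d%d",&r1,&c1)!=2 || r1<1 || r1>size || c1<1 || c1>size)
    {
        printf("order must be between 1 and %d\n",size);
        getch();
        return;
    }
    printf("Enter the order of 2nd matrice\n");
    if (scanf("%d%d",&r2,&c2)!=2 || r2<1 || r2>size || c2<1 || c2>size)
    {
        printf("order must be between 1 and %d\n",size);
        getch();
        return;
    }
    if(c1==r2)
    {
        printf("enter the %d elements of first matrix\n",r1*c1);
        for (i=0;i<r1;i++)
        {
            for(j=0;j<c1;j++)
                if (scanf("%d",&x[i][j])!=1)
                {
                    /* stop instead of multiplying uninitialised cells */
                    printf("invalid matrix element\n");
                    getch();
                    return;
                }
        }
        printf("enter the %d elements of second matrix\n",r2*c2 );
        for (i=0;i<r2;i++)
        {
            for(j=0;j<c2;j++)
                if (scanf("%d",&y[i][j])!=1)
                {
                    printf("invalid matrix element\n");
                    getch();
                    return;
                }
        }
        printf("The given first matrix is:\n");
        for (i=0;i<r1;i++)
        {
            for(j=0;j<c1;j++)
                printf("%d\t",x[i][j]);
            printf ("\n");
        }
        printf("The given second matrix is:\n");
        for (i=0;i<r2;i++)
        {
            for(j=0;j<c2;j++)
                printf("%d\t",y[i][j]);
            printf ("\n");
        }
        /* m[i][j] is the dot product of row i of x and column j of y */
        for (i=0;i<r1;i++)
        {
            for(j=0;j<c2;j++)
            {
                m[i][j]=0;
                for(k=0;k<r2;k++)
                    m[i][j]=m[i][j]+x[i][k]*y[k][j];
            }
        }
        printf("The product is:\n");
        for (i=0;i<r1;i++)
        {
            for (j=0;j<c2;j++)
                printf(" %d\t",m[i][j]);
            printf("\n");
        }
    }
    else
        printf ("multiplication is not possible");
    getch();
}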
#include <stdio.h>
#include <string.h>
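void main()
{
    /*
     * Reads four names and prints them in ascending strcmp() order.
     * Each name is read with fgets() bounded by the 25-byte row; gets()
     * has no length limit and overruns the row on a longer line.
     */
    char a[4][25],temp[25];
    int i,j,c;
    clrscr();
    printf("Enter the names\n");
    for (i=0;i<4;i++)
    {
        if (fgets(a[i],sizeof(a[i]),stdin)==NULL)
            a[i][0]='\0';
        if (strchr(a[i],'\n')!=NULL)
            a[i][strcspn(a[i],"\n")]='\0';
        else
            /* line was longer than the row: drop the rest so it is not
               taken as the next name */
            while ((c=getchar())!='\n' && c!=EOF)
                ;
    }
    /* exchange sort; every row is 25 bytes, so the strcpy swaps fit */
    for (i=0;i<3;i++)
        for (j=i+1;j<4;j++)
        {
            if (strcmp(a[i],a[j])>0)
            {
                strcpy(temp,a[i]);
                strcpy(a[i],a[j]);
                strcpy(a[j],temp);
            }
        }
    printf("Sorted strings are \n");
    for (i=0;i<4;i++)
        puts (a[i]);
    getch();
}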
3. PROGRAM TO ACCEPT TWO STRINGS S1,S2 & CHECK IF S2 IS A SUBSTRING OF S1 & ALSO PRINT THE
POSITION OF THE SUBSTRING IN S1.
#include<stdio.h>
#include <string.h>
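/* Reads one line into buf (at most size-1 characters), strips the newline
   and discards whatever part of the line did not fit. */
static void read_line(char *buf,int size)
{
    int c;
    if (fgets(buf,size,stdin)==NULL)
        buf[0]='\0';
    if (strchr(buf,'\n')!=NULL)
        buf[strcspn(buf,"\n")]='\0';
    else
        while ((c=getchar())!='\n' && c!=EOF)
            ;
}

void main()
{
    /*
     * Reports every position at which st2 occurs inside st1 (1-based start
     * and end), or that it is not present. Input is length-limited to the
     * 25-byte buffers, and the "found" state is tracked in one initialised
     * flag rather than in variables that were only set on some paths.
     */
    char st1[25],st2[25];
    int i,c,len,m,found=0;
    clrscr();
    printf("Enter the first string\n");
    read_line(st1,sizeof(st1));
    printf("Enter the second string\n");
    read_line(st2,sizeof(st2));
    len=strlen(st1);
    for(i=0;i<len;i++)
    {
        /* walk both strings from st1[i]; st1's terminator ends the walk
           when st2 is longer than what is left of st1 */
        m=i;
        c=0;
        while(st2[c]!='\0' && st1[m]==st2[c])
        {
            m++;
            c++;
        }
        /* c>0 keeps an empty st2 from counting as a match */
        if (c>0 && st2[c]=='\0')
        {
            printf("The given string is present\n");
            printf("The starting position %d & ending position %d\n",i+1,(i+c));
            found=1;
        }
    }
    if (!found)
        printf("The given string is not present\n");
    getch();
}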
#include<stdio.h>
#include<string.h>
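/* Reads one line into buf (at most size-1 characters), strips the newline
   and discards whatever part of the line did not fit. */
static void read_line(char *buf,int size)
{
    int c;
    if (fgets(buf,size,stdin)==NULL)
        buf[0]='\0';
    if (strchr(buf,'\n')!=NULL)
        buf[strcspn(buf,"\n")]='\0';
    else
        while ((c=getchar())!='\n' && c!=EOF)
            ;
}

void main()
{
    /*
     * Concatenates two strings by hand into str.
     * Each input is capped at 9 characters by its 10-byte buffer, so the
     * result needs at most 19 bytes and always fits the 20-byte str.
     */
    char str1[10],str2[10],str[20];
    int i=0,j=0,k=0;
    clrscr();
    printf ("enter the two strings\n");
    read_line(str1,sizeof(str1));
    read_line(str2,sizeof(str2));
    while (str1[i]!='\0')
    {
        str[k++]=str1[i++];
    }
    while (str2[j]!='\0')
    {
        str[k++]=str2[j++];
    }
    str[k]='\0';
    printf("The concatenated string is:");
    puts (str);
    getch();
}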
SESSION-2: STRUCTURES
#include<stdio.h>
#include<conio.h>
#define SIZE 50
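void main()
{
    /*
     * Reads up to SIZE student records and prints them ranked by aggregate
     * marks, highest first.
     */
    int num,i,j;
    struct student
    {
        int eno ;
        char name[50];
        int avg;
    } st[SIZE],hold;
    clrscr();
    printf("Enter the number of students\n");
    /* num bounds every loop over st[], so it must not exceed SIZE */
    if (scanf("%d",&num)!=1 || num<1 || num>SIZE)
    {
        printf("Number of students must be between 1 and %d\n",SIZE);
        getch();
        return;
    }
    for(i=0;i<num;i++)
    {
        printf("Enter the name of the student\n");
        /* width 49 leaves room for the terminator in name[50] */
        if (scanf("%49s",st[i].name)!=1)
        {
            printf("Invalid input\n");
            getch();
            return;
        }
        printf("Enter the enrollment number\n");
        if (scanf("%d",&st[i].eno)!=1)
        {
            printf("Invalid input\n");
            getch();
            return;
        }
        printf("Enter aggregate marks of enter students \n");
        if (scanf("%d",&st[i].avg)!=1)
        {
            printf("Invalid input\n");
            getch();
            return;
        }
    }
    /* exchange sort on avg; whole records are swapped by struct assignment
       so name, number and marks always move together */
    for(i=0;i<num-1;i++)
        for (j=i+1;j<num;j++)
        {
            if (st[i].avg<st[j].avg)
            {
                hold=st[i];
                st[i]=st[j];
                st[j]=hold;
            }
        }
    for(i=0;i<num;i++)
    {
        printf("Enrollment number:%d\n Name:%s\n",st[i].eno,st[i].name);
        printf("Aggregate marks:%d\n Rank:%drank\n",st[i].avg,(i+1));
    }
    getch();
}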
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
/* One record of the singly linked list. */
struct info
{
/* fixed 30-byte buffer: input stored here must be limited to 29 characters */
char name[30];
int eno;
struct info *next;
};
/* head: first record (NULL when the list is empty).
   temp: used by addrecord() as the node to append after and by
         deleterecord() as the predecessor while it walks the list.
   disp: cursor used by disrecord(). */
struct info *head=NULL,*temp,*disp;
void addrecord();
void deleterecord();
void disrecord();
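void main()
{
    /* Menu loop for the singly linked list of records. */
    int ch,c;
    clrscr();
    while (1)
    {
        printf("\n 1. To add records\n");
        printf("\n 2. To delete a records\n");
        printf("\n 3. To view the records\n");
        printf("\n 4. To exit\n");
        printf("\n Enter your choice\n");
        /* a non-numeric entry leaves ch unset, so map it to "no choice" */
        if (scanf("%d",&ch)!=1)
            ch=0;
        /* consume the rest of the line; fflush(stdin) is undefined in
           standard C and would leave the bad input to be re-read forever */
        while ((c=getchar())!='\n' && c!=EOF)
            ;
        if (c==EOF)
            exit(0);
        switch(ch)
        {
            case 1:addrecord();
                break;
            case 2:deleterecord();
                break;
            case 3: disrecord();
                break;
            case 4:exit(0);
        }
    }
}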
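void addrecord()
{
    /*
     * Appends records to the end of the list until the user answers
     * anything other than 'y'.
     * The name is read with fgets() bounded by the 30-byte field (gets()
     * would overrun the heap block on a longer line), the allocation is
     * checked, and the last node is found by walking from head rather than
     * trusting the file-level temp, which other functions also write.
     */
    struct info *add,*last;
    int c,len;
    char ans='y';
    while (ans=='y')
    {
        add=(struct info*)malloc(sizeof(struct info));
        if (add==NULL)
        {
            printf("\n Out of memory\n");
            return;
        }
        printf("\n Enter the names:\n");
        if (fgets(add->name,sizeof(add->name),stdin)==NULL)
        {
            free(add);
            return;
        }
        for (len=0;add->name[len]!='\0' && add->name[len]!='\n';len++)
            ;
        if (add->name[len]=='\n')
            add->name[len]='\0';
        else
            /* over-long line: drop the part that did not fit */
            while ((c=getchar())!='\n' && c!=EOF)
                ;
        printf("\n Enter the enrollment number:\n");
        if (scanf("%d",&add->eno)!=1)
        {
            while ((c=getchar())!='\n' && c!=EOF)
                ;
            free(add);
            printf("\nInvalid input\n");
            return;
        }
        while ((c=getchar())!='\n' && c!=EOF)
            ;
        add->next=NULL;
        if (head==NULL)
            head=add;
        else
        {
            for (last=head;last->next!=NULL;last=last->next)
                ;
            last->next=add;
        }
        temp=add;
        printf("\n Would you like to enter another name(y\\n): \n");
        c=getchar();
        ans=(c==EOF)?'n':(char)c;
        while (c!='\n' && c!=EOF)
            c=getchar();
    }
}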
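void deleterecord()
{
    /*
     * Removes the first record whose enrollment number matches the one
     * typed by the user and frees it.
     * The predecessor is tracked in a local pointer. The file-level temp is
     * only touched when the last node is removed, so it keeps pointing at
     * the end of the list for code that appends after it.
     */
    struct info *cur,*prev=NULL;
    int teno,c;
    if (head==NULL)
    {
        printf("\n No records to delete\n");
        return;
    }
    printf("\n Enter the enrollment number to be deleted \n");
    if (scanf("%d",&teno)!=1)
    {
        while ((c=getchar())!='\n' && c!=EOF)
            ;
        printf("\nInvalid input\n");
        return;
    }
    while ((c=getchar())!='\n' && c!=EOF)
        ;
    for (cur=head;cur!=NULL;prev=cur,cur=cur->next)
    {
        if (cur->eno!=teno)
            continue;
        if (prev==NULL)
            head=cur->next;
        else
            prev->next=cur->next;
        if (cur->next==NULL)
            temp=prev;      /* removed the last node: prev is the new end */
        free(cur);
        return;
    }
    printf("\nNo such enrollment number present\n");
}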
void disrecord()
{
    /* Prints name and number of every record, walking from head with the
       file-level cursor disp. */
    if (head!=NULL)
    {
        disp=head;
        while (disp!=NULL)
        {
            printf("\n\n Name : %s",disp->name);
            printf("\n\n Number : %d",disp->eno);
            disp=disp->next;
        }
        return;
    }
    printf("\n No records to view\n");
}
#include<stdio.h>
#include<stdlib.h>
/* One record of the doubly linked list. */
struct info
{
/* fixed 30-byte buffer: input stored here must be limited to 29 characters */
char name[30];
int eno;
struct info *next;
struct info *prev;
};
/* head: first record (NULL when empty).
   temp: last record appended by addrecord(); disrecord() starts its
         backward walk from it.
   disp: cursor used by disrecord(). */
struct info *head=NULL,*temp,*disp;
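void main()
{
    /* Menu loop for the doubly linked list of records. */
    void addrecord();
    void deleterecord();
    void disrecord();
    int ch,c;
    clrscr();
    while (1)
    {
        printf("\n 1. To add records\n");
        printf("\n 2. To delete a records\n");
        printf("\n 3. To view the records\n");
        printf("\n 4. To exit\n");
        printf("\n Enter your choice\n");
        /* a non-numeric entry leaves ch unset, so map it to "no choice" */
        if (scanf("%d",&ch)!=1)
            ch=0;
        /* consume the rest of the line; fflush(stdin) is undefined in
           standard C and would leave the bad input to be re-read forever */
        while ((c=getchar())!='\n' && c!=EOF)
            ;
        if (c==EOF)
            exit(0);
        switch(ch)
        {
            case 1:addrecord();
                break;
            case 2:deleterecord();
                break;
            case 3: disrecord();
                break;
            case 4:exit(0);
        }
    }
}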
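void addrecord()
{
    /*
     * Appends records to the end of the doubly linked list until the user
     * answers anything other than 'y'. temp is kept on the last node so a
     * backward walk can start from it.
     * The name is read with fgets() bounded by the 30-byte field (gets()
     * would overrun the heap block), and the allocation is checked.
     */
    struct info *add;
    int c,len;
    char ans='y';
    while (ans=='y')
    {
        add=(struct info*)malloc(sizeof(struct info));
        if (add==NULL)
        {
            printf("\n Out of memory\n");
            return;
        }
        printf("\n Enter the names:\n");
        if (fgets(add->name,sizeof(add->name),stdin)==NULL)
        {
            free(add);
            return;
        }
        for (len=0;add->name[len]!='\0' && add->name[len]!='\n';len++)
            ;
        if (add->name[len]=='\n')
            add->name[len]='\0';
        else
            /* over-long line: drop the part that did not fit */
            while ((c=getchar())!='\n' && c!=EOF)
                ;
        printf("\n Enter the enrollment number:\n");
        if (scanf("%d",&add->eno)!=1)
        {
            while ((c=getchar())!='\n' && c!=EOF)
                ;
            free(add);
            printf("\nInvalid input\n");
            return;
        }
        while ((c=getchar())!='\n' && c!=EOF)
            ;
        add->next=NULL;
        if (head==NULL)
        {
            head=add;
            add->prev=NULL;
        }
        else
        {
            temp->next=add;
            add->prev=temp;
        }
        temp=add;
        printf("\n Would you like to enter another name(y\\n): \n");
        c=getchar();
        ans=(c==EOF)?'n':(char)c;
        while (c!='\n' && c!=EOF)
            c=getchar();
    }
}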
void deleterecord()
{
    /* NOTE(review): as listed, this routine never reads an enrollment
       number and never unlinks a node; it only reports one of two
       messages. The deletion steps appear to be missing from the listing. */
    if (head!=NULL)
    {
        printf("\nInvalid input\n");
        return;
    }
    printf("\n No records to delete\n");
}
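void disrecord()
{
    /*
     * Prints the list twice: forwards from head via next, then backwards
     * from temp via prev, pausing for a key press in between.
     * The closing brace of the function was missing from the listing and
     * is restored here.
     */
    if (head==NULL)
    {
        printf("\n No records to view\n");
        return;
    }
    printf("\n From forward direction\n");
    for (disp=head;disp!=NULL;disp=disp->next)
    {
        printf("\n\n Name : %s",disp->name);
        printf("\n\n Number : %d",disp->eno);
    }
    printf("\n Press any key to continue\n");
    getchar();
    printf("\n From backward direction\n");
    /* temp is the node most recently appended, i.e. the end of the list */
    for (disp=temp;disp!=NULL;disp=disp->prev)
    {
        printf("\n\n Name : %s",disp->name);
        printf("\n\n Number : %d",disp->eno);
    }
}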
#include<stdio.h>
#include<alloc.h>
#include<conio.h>
/* One element of the circular list. */
struct node
{
int data;
struct node *next;
};
/* head and tail are both NULL while the list is empty; the delete routine
   keeps tail->next pointing back at head. */
struct node *head=NULL;
struct node *tail=NULL;
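void main()
{
    /* Menu loop for the circular linked list. */
    void addrecord();
    void deleterecord();
    void disrecord();
    int ch,c;
    clrscr();
    do
    {
        printf("\n 1. To add records\n");
        printf("\n 2. To delete a records\n");
        printf("\n 3. To view the records\n");
        printf("\n 4. To exit\n");
        printf("\n Enter your choice\n");
        /* a non-numeric entry leaves ch unset, so map it to "no choice" */
        if (scanf("%d",&ch)!=1)
            ch=0;
        /* consume the rest of the line; fflush(stdin) is undefined in
           standard C and would leave the bad input to be re-read forever */
        while ((c=getchar())!='\n' && c!=EOF)
            ;
        if (c==EOF)
            exit(0);
        switch(ch)
        {
            case 1:addrecord();
                break;
            case 2:deleterecord();
                break;
            case 3: disrecord();
                break;
            case 4:exit(0);
        }
    } while (ch!=4);
}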
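void addrecord()
{
    /*
     * Appends integers to the circular list until the user answers
     * anything other than 'y'.
     * Every new node is linked back to head so the list stays circular
     * after each append (the listing only did this for the first node),
     * and the allocation and the number read are both checked.
     */
    int new_data,c;
    char ans='y';
    struct node *temp;
    clrscr();
    while (ans=='y')
    {
        temp=(struct node*)malloc(sizeof(struct node));
        if (temp==NULL)
        {
            printf("\n Out of memory\n");
            return;
        }
        printf("\n Enter the new element:\n");
        if (scanf("%d",&new_data)!=1)
        {
            while ((c=getchar())!='\n' && c!=EOF)
                ;
            free(temp);
            printf("\nInvalid input\n");
            return;
        }
        while ((c=getchar())!='\n' && c!=EOF)
            ;
        temp->data=new_data;
        if (head==NULL)
            head=tail=temp;
        else
        {
            tail->next=temp;
            tail=temp;
        }
        tail->next=head;    /* close the circle */
        printf("\n Would you like to enter another data(y\\n): \n");
        c=getchar();
        ans=(c==EOF)?'n':(char)c;
        while (c!='\n' && c!=EOF)
            c=getchar();
    }
}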
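void deleterecord()
{
    /*
     * Removes the first node whose data equals the value typed by the
     * user, keeping tail->next pointing at head, and frees the node.
     * The listing compared against elt without ever assigning it; the
     * value is now read (and validated) before any comparison.
     */
    struct node *ptr,*prev,*delnode;
    int elt,c;
    if (head==NULL)
    {
        printf("\n No elements in the list \n");
        return;
    }
    printf("\n Enter the element to be deleted\n");
    if (scanf("%d",&elt)!=1)
    {
        while ((c=getchar())!='\n' && c!=EOF)
            ;
        printf("\nInvalid input\n");
        return;
    }
    while ((c=getchar())!='\n' && c!=EOF)
        ;
    if (head->data==elt)
    {
        delnode=head;
        if (head==tail)
            head=tail=NULL;
        else
        {
            head=head->next;
            tail->next=head;
        }
    }
    else if (tail->data==elt)
    {
        /* head did not match, so the list has at least two nodes and
           the walk always leaves prev on the node before tail */
        for(prev=ptr=head;(ptr!=tail);prev=ptr,ptr=ptr->next)
            ;
        delnode=tail;
        tail=prev;
        tail->next=head;
    }
    else
    {
        /* stop at tail at the latest so the walk never goes round again */
        for(prev=ptr=head;(ptr->data!=elt)&&(ptr!=tail);
            prev=ptr,ptr=ptr->next)
            ;
        if(ptr->data==elt)
        {
            delnode=ptr;
            prev->next=ptr->next;
            printf("yes...");
        }
        else
        {
            printf("Given element not found in the list");
            getch();
            return;
        }
    }
    free(delnode);
}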
void disrecord()
{
    /* Prints each element once, from head up to and including tail; the
       walk ends when the node just printed was tail, so it does not depend
       on where tail->next points. */
    struct node *ptr,*prev=NULL;
    if (head==NULL)
    {
        printf("\n No records to view\n");
        return;
    }
    printf("\n The elements in the circular list are\n");
    ptr=head;
    while (prev!=tail)
    {
        printf("\n\n %d",ptr->data);
        prev=ptr;
        ptr=ptr->next;
    }
    printf(" NULL\n\n ");
    getch();
}
2. PROGRAM TO ACCEPT 2 SINGLY LINKED LISTS & PRINT A SINGLY LINKED LIST
OF THOSE ELEMENTS THAT ARE COMMON TO BOTH LISTS.
1
5
#include<stdio.h>
#include<stdlib.h>
/* Node of the first input list. */
struct info
{
int num;
struct info *next;
};
/* Node of the second input list. */
struct node
{
int num1;
struct node *next1;
};
/* Node of the result list holding the values found in both inputs. */
struct com
{
int num2;
struct com *next2;
};
/* NOTE(review): the functions below use head, head1, head2, temp, temp1,
   temp2, disp, disp1 and disp2, but no declaration of them appears in
   this listing - confirm against the original program. */
void addrecord();
void disrecord();
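void main()
{
    /* Menu loop for the common-elements program. */
    int ch,c;
    clrscr();
    while (1)
    {
        printf("\n 1. To add records\n");
        printf("\n 2. To view the records\n");
        printf("\n 3. To exit\n");
        printf("\n Enter your choice\n");
        /* a non-numeric entry leaves ch unset, so map it to "no choice" */
        if (scanf("%d",&ch)!=1)
            ch=0;
        /* consume the rest of the line; fflush(stdin) is undefined in
           standard C and would leave the bad input to be re-read forever */
        while ((c=getchar())!='\n' && c!=EOF)
            ;
        if (c==EOF)
            exit(0);
        switch(ch)
        {
            case 1:addrecord();
                break;
            case 2:disrecord();
                break;
            case 3: exit(0);
        }
    }
}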
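void addrecord()
{
    /*
     * Reads the elements of the first list and then of the second list,
     * inserting each value so that its list stays in ascending order.
     * Each allocation and each number read is checked; an invalid number
     * ends the input of the list being filled.
     */
    struct info *add;
    struct node *add1;
    int c;
    char ans='y';
    char choice='y';
    while (ans=='y')
    {
        add=(struct info*)malloc(sizeof(struct info));
        if (add==NULL)
        {
            printf("\n Out of memory\n");
            return;
        }
        printf("\n Enter the element of the first list:\n");
        if (scanf("%d",&add->num)!=1)
        {
            while ((c=getchar())!='\n' && c!=EOF)
                ;
            free(add);
            printf("\nInvalid input\n");
            break;
        }
        while ((c=getchar())!='\n' && c!=EOF)
            ;
        if (head==NULL|| head->num>=add->num)
        {
            /* new smallest value: becomes the first node */
            add->next=head;
            head=add;
        }
        else
        {
            /* stop on the last node that is still smaller than the new one */
            temp=head;
            while (temp->next!=NULL && temp->next->num < add->num)
            {
                temp=temp->next;
            }
            add->next=temp->next;
            temp->next=add;
        }
        printf("\n Would you like to enter another name(y\\n): \n");
        c=getchar();
        ans=(c==EOF)?'n':(char)c;
        while (c!='\n' && c!=EOF)
            c=getchar();
    }
    while (choice=='y')
    {
        add1=(struct node*)malloc(sizeof(struct node));
        if (add1==NULL)
        {
            printf("\n Out of memory\n");
            return;
        }
        printf("\n Enter the element of the second list:\n");
        if (scanf("%d",&add1->num1)!=1)
        {
            while ((c=getchar())!='\n' && c!=EOF)
                ;
            free(add1);
            printf("\nInvalid input\n");
            break;
        }
        while ((c=getchar())!='\n' && c!=EOF)
            ;
        if (head1==NULL|| head1->num1>=add1->num1)
        {
            add1->next1=head1;
            head1=add1;
        }
        else
        {
            temp1=head1;
            while (temp1->next1!=NULL && temp1->next1->num1 < add1->num1)
            {
                temp1=temp1->next1;
            }
            add1->next1=temp1->next1;
            temp1->next1=add1;
        }
        printf("\n Would you like to enter another name(y\\n): \n");
        c=getchar();
        choice=(c==EOF)?'n':(char)c;
        while (c!='\n' && c!=EOF)
            c=getchar();
    }
}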
1
7
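void disrecord()
{
    /*
     * Prints both input lists, then builds and prints the list of values
     * that occur in both.
     * The result list from an earlier call is freed first; without that,
     * viewing twice appended the same values again. The closing brace of
     * the function was missing from the listing and is restored here.
     */
    struct com *add2;
    if (head==NULL)
    {
        printf("\n No records to view\n");
        return;
    }
    while (head2!=NULL)
    {
        add2=head2->next2;
        free(head2);
        head2=add2;
    }
    temp2=NULL;
    for (disp=head;disp!=NULL;disp=disp->next)
    {
        printf("\n\n Number : %d",disp->num);
    }
    for (disp1=head1;disp1!=NULL;disp1=disp1->next1)
    {
        printf("\n\n Number : %d",disp1->num1);
    }
    /* compare every value of the first list with every value of the second */
    for (disp=head;disp!=NULL;disp=disp->next)
    {
        for (disp1=head1;disp1!=NULL;disp1=disp1->next1)
        {
            if (disp->num==disp1->num1)
            {
                add2=(struct com*)malloc(sizeof(struct com));
                if (add2==NULL)
                {
                    printf("\n Out of memory\n");
                    return;
                }
                add2->num2=disp->num;
                add2->next2=NULL;
                printf("%d",add2->num2);
                if(head2==NULL)
                    head2= add2;
                else
                    temp2->next2=add2;
                temp2=add2;
            }
        }
    }
    printf("\n Sorted list is \n\n");
    for (disp2=head2;disp2!=NULL;disp2=disp2->next2)
    {
        printf("\n\n Number : %d",disp2->num2);
    }
}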
3. PROGRAM TO ACCEPT A SINGLY LINKED LIST OF INTEGERS & SORT THE LIST IN
ASCENDING ORDER.
#include<stdio.h>
#include<stdlib.h>
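/* One record of the list that is kept sorted by enrollment number.
   (Two stray page-number lines that had landed inside the struct body
   are removed; they made the declaration invalid.) */
struct info
{
    /* fixed 30-byte buffer: input stored here must be limited to 29 characters */
    char name[30];
    int eno;
    struct info *next;
};
/* temp: insertion cursor, disp: display cursor, head: first record.
   All three have static storage and therefore start out as NULL. */
struct info *temp,*disp,*head;
void addrecord();
void disrecord();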
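void main()
{
    /* Menu loop for the sorted singly linked list. */
    int ch,c;
    clrscr();
    while (1)
    {
        printf("\n 1. To add records\n");
        printf("\n 2. To view the records\n");
        printf("\n 3. To exit\n");
        printf("\n Enter your choice\n");
        /* a non-numeric entry leaves ch unset, so map it to "no choice" */
        if (scanf("%d",&ch)!=1)
            ch=0;
        /* consume the rest of the line; fflush(stdin) is undefined in
           standard C and would leave the bad input to be re-read forever */
        while ((c=getchar())!='\n' && c!=EOF)
            ;
        if (c==EOF)
            exit(0);
        switch(ch)
        {
            case 1:addrecord();
                break;
            case 2:disrecord();
                break;
            case 3: exit(0);
        }
    }
}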
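void addrecord()
{
    /*
     * Reads records and inserts each one so the list stays in ascending
     * order of enrollment number.
     * The name is read with fgets() bounded by the 30-byte field (gets()
     * would overrun the heap block on a longer line), and the allocation
     * and the number read are both checked.
     */
    struct info *add;
    int c,len;
    char ans='y';
    while (ans=='y')
    {
        add=(struct info*)malloc(sizeof(struct info));
        if (add==NULL)
        {
            printf("\n Out of memory\n");
            return;
        }
        printf("\n Enter the name:\n");
        if (fgets(add->name,sizeof(add->name),stdin)==NULL)
        {
            free(add);
            return;
        }
        for (len=0;add->name[len]!='\0' && add->name[len]!='\n';len++)
            ;
        if (add->name[len]=='\n')
            add->name[len]='\0';
        else
            /* over-long line: drop the part that did not fit */
            while ((c=getchar())!='\n' && c!=EOF)
                ;
        printf("\n Enter the enrollment number:\n");
        if (scanf("%d",&add->eno)!=1)
        {
            while ((c=getchar())!='\n' && c!=EOF)
                ;
            free(add);
            printf("\nInvalid input\n");
            return;
        }
        while ((c=getchar())!='\n' && c!=EOF)
            ;
        if (head==NULL|| head->eno>=add->eno)
        {
            /* new smallest number: becomes the first node */
            add->next=head;
            head=add;
        }
        else
        {
            /* stop on the last node that is still smaller than the new one */
            temp=head;
            while (temp->next!=NULL && temp->next->eno < add->eno)
            {
                temp=temp->next;
            }
            add->next=temp->next;
            temp->next=add;
        }
        printf("\n Would you like to enter another name(y\\n): \n");
        c=getchar();
        ans=(c==EOF)?'n':(char)c;
        while (c!='\n' && c!=EOF)
            c=getchar();
    }
}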
void disrecord()
{
    /* Prints name and number of every record in list order, using the
       file-level cursor disp. */
    if (head!=NULL)
    {
        disp=head;
        while (disp!=NULL)
        {
            printf("\n\n Name : %s",disp->name);
            printf("\n\n Number : %d",disp->eno);
            disp=disp->next;
        }
        return;
    }
    printf("\n No records to view\n");
}
SESSION 4: STACKS
#include<stdio.h>
#include<string.h>
top=-1;
strrev(prefix);
for(i=0;i<strlen(prefix);i++)
2
0
{
symbol=prefix[i];
temp[0]=symbol;
temp[1]='\0';
switch (symbol)
{
case '+':
case '-':
case '*':
case '/':
case '^':
op1=pop(&top,s);
op2=pop(&top,s);
strcpy(postfix,op1);
strcat(postfix,op2);
strcat(postfix,temp);
push(postfix,&top,s);
break;
default:
push(temp,&top,s);
}
}
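void main()
{
    /*
     * Reads a prefix expression and prints its postfix form.
     * The %19s width keeps the token inside prefix[20]; a bare %s copies
     * as many characters as the user types.
     */
    char prefix[20];
    char postfix[20];
    printf("\n\n Enter the prefix expression \n\n");
    if (scanf("%19s",prefix)!=1)
        return;
    pre_post(prefix,postfix);
    printf("\n\n The postfix expression is %s \n\n",postfix);
}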
#include<stdio.h>
#include<string.h>
#define STACK_SIZE 20
/*
 * Pushes item onto the character stack s.
 * *top is the index of the current top element; it is advanced before the
 * store. When *top already equals STACK_SIZE-1 the stack is full: a message
 * is printed and the stack is left unchanged.
 */
void push(char item,int *top,char s[])
{
    if (*top!=STACK_SIZE-1)
    {
        *top+=1;
        s[*top]=item;
        return;
    }
    printf("\n stack overflow\n");
}
2
1
return 0;
}
item_deleted=s[(*top)--];
return item_deleted;
}
for(i=0;i<strlen(str);i++)
{
push (str[i],&top,s);
}
printf("\n The reversed string is:");
for(i=0;i<strlen(str);i++)
{
stk_item= pop (&top,s);
printf("%c",stk_item);
}
getch();
}
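void main()
{
    /*
     * Reads one word and hands it to is_rev() for printing in reverse.
     * The %19s width keeps the word inside str[20]; a bare %s copies as
     * many characters as the user types.
     */
    char str[20];
    clrscr();
    printf("\n Enter the string to be reversed\n");
    if (scanf("%19s",str)!=1)
        return;
    is_rev(str);
}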
#include<stdio.h>
#include<conio.h>
#include<alloc.h>
/* Node of the binary search tree. */
struct node
{
int data;
struct node *left,*right;
};
/* Root of the tree; assigned in main() before the menu starts. */
struct node *root;
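/*
 * Inserts x into the binary search tree rooted at root. Values smaller
 * than a node go to its left, all others (including equal values) to its
 * right.
 */
void insert(int x)
{
    struct node *p,*previous,*current;
    p=(struct node *)malloc(sizeof(struct node));
    if(p==NULL)
    {
        printf("\n Out of memory");
        return;             /* nothing to link; p must not be dereferenced */
    }
    p->data=x;
    p->left=NULL;
    p->right=NULL;
    /* comparison, not assignment: `root=NULL` discarded the whole tree and
       then dereferenced a null `previous` below */
    if(root==NULL)
    {
        root=p;
        return;
    }
    previous=NULL;
    current=root;
    /* walk down until the free slot is reached; previous ends on its parent */
    while(current!=NULL)
    {
        previous=current;
        if(p->data<current->data)
            current=current->left;
        else
            current=current->right;
    }
    if(p->data<previous->data)
        previous->left=p;
    else
        previous->right=p;
}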
/* Prints the subtree rooted at t in order: left subtree, the node itself,
   then the right subtree. An empty subtree prints nothing. */
void inorder(struct node *t)
{
    if (t==NULL)
        return;
    inorder(t->left);
    printf("\n %5d",t->data);
    inorder (t->right);
}
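/*
 * Deletes one node holding x from the binary search tree and frees it.
 * Prints a message and changes nothing when x is not in the tree.
 *
 * Differences from the listing: the root pointer is updated when the root
 * itself is removed, the unlinked node is freed in every case (it was only
 * freed when the node had two children), and the choice of replacement no
 * longer depends on comparing the two child addresses.
 */
void del(int x)
{
    struct node *parent=NULL;
    struct node *ptr=root;
    struct node *target;
    struct node *child;
    while(ptr!=NULL&& ptr->data!=x)
    {
        parent=ptr;
        if (x<ptr->data)
            ptr=ptr->left;
        else
            ptr=ptr->right;
    }
    if (ptr==NULL)
    {
        printf("\n Delete element not found");
        return ;
    }
    if (ptr->left!=NULL && ptr->right!=NULL)
    {
        /* two children: copy the largest value of the left subtree into
           this node, then remove the node that value came from */
        target=ptr;
        parent=ptr;
        ptr=ptr->left;
        while(ptr->right!=NULL)
        {
            parent=ptr;
            ptr=ptr->right;
        }
        target->data=ptr->data;
    }
    /* ptr now has at most one child; splice that child into ptr's place */
    child=(ptr->left!=NULL)?ptr->left:ptr->right;
    if (parent==NULL)
        root=child;
    else if (parent->left==ptr)
        parent->left=child;
    else
        parent->right=child;
    free(ptr);
}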
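void main()
{
    /*
     * Menu loop for the binary search tree. The tree starts with a single
     * node holding 30. The closing brace of the function was missing from
     * the listing and is restored here.
     */
    int op,n,srchno,c;
    root=(struct node *)malloc(sizeof(struct node));
    if (root==NULL)
    {
        printf("\n Out of memory");
        return;
    }
    root->data=30;
    root->right=root->left=NULL;
    clrscr();
    do
    {
        printf("\n 1.Insertion");
        printf("\n 2.Deletion");
        printf("\n 3.Inorder");
        printf("\n 4.Quit");
        printf("\n Enter your choice\n");
        /* unreadable choice: leave through the default branch instead of
           switching on an unset value */
        if (scanf("%d",&op)!=1)
            op=4;
        switch (op)
        {
            case 1: printf("\n Enter the element to insert\n");
                if (scanf("%d",&n)==1)
                    insert(n);
                else
                    /* drop the bad token so the next prompt starts clean */
                    while ((c=getchar())!='\n' && c!=EOF)
                        ;
                break;
            case 2: printf("\n Enter the element to be deleted\n");
                if (scanf("%d",&srchno)==1)
                    del(srchno);
                else
                    while ((c=getchar())!='\n' && c!=EOF)
                        ;
                break;
            case 3: printf("\n The inorder elements are\n");
                inorder(root);
                getch();
                break;
            default: exit(0);
        }
    }while(op<4);
    getch();
}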
#include<stdio.h>
#include<conio.h>
#include<alloc.h>
/* Node of the binary tree used by the traversal program. */
struct node
{
int data;
struct node *left,*right;
};
/* Root of the tree; assigned in main() before the menu starts. */
struct node *root;
2
5
if (opt==1)
{
printf("\tat the left\n");
getch();
}
else
{
printf("\tat the right\n");
getch();
}
}
2
6
}
void main()
{
int op,n;
root=(struct node *)malloc(sizeof(struct node));
root->data=30;
root->right=root->left=NULL;
clrscr();
do
{
printf("\n 1.Insertion");
printf("\n 2.Preorder");
printf("\n 3.Inorder");
printf("\n 4.Postorder");
printf("\n 5.Quit");
printf("\n Enter your choice\n");
scanf("%d",&op);
switch (op)
{
case 1: printf("\n Enter the element to insert\n");
scanf("%d",&n);
inser(root,n);
break;
case 2: printf("\n The preorder elements are\n");
preorder(root);
getch();
break;
case 3: printf("\n The inorder elements are\n");
inorder(root);
getch();
break;
#include<stdio.h>
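void main()
{
    /*
     * Linear search: reads up to 100 integers and reports whether the
     * search number is among them.
     * The values are held as int. The listing declared pointer variables
     * and passed their addresses to %d, which only works where an int and
     * a pointer have the same size. The element count is checked against
     * the array capacity before it bounds any loop.
     */
    int a[100],i,no,srchno;
    clrscr();
    printf("\n Enter the number of elements\n");
    if (scanf("%d",&no)!=1 || no<1 || no>100)
    {
        printf("\n Number of elements must be between 1 and 100\n");
        return;
    }
    printf("\n Enter %d numbers\n",no);
    for(i=0;i<no;++i)
        if (scanf("%d",&a[i])!=1)
        {
            printf("\n Invalid input\n");
            return;
        }
    printf("Enter the search number\n");
    if (scanf("%d",&srchno)!=1)
    {
        printf("\n Invalid input\n");
        return;
    }
    for(i=0;i<no;++i)
        if(srchno==a[i])
        {
            printf("\n search number is present");
            return;
        }
    printf("\n Search number is not present");
}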
#include<stdio.h>
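void main()
{
    /*
     * Binary search: reads up to 100 integers, sorts them ascending and
     * reports whether the search number is among them.
     * The values are held as int (the listing stored them in pointer
     * variables), the element count is checked against the array capacity,
     * and the search uses closed bounds. The listing's loop never ended
     * for a single element and never examined the last element.
     */
    int a[100],i,no,srchno,top,bottom,mid,j,temp,found=0;
    clrscr();
    printf("\n Enter the number of elements\n");
    if (scanf("%d",&no)!=1 || no<1 || no>100)
    {
        printf("\n Number of elements must be between 1 and 100\n");
        return;
    }
    printf("\n Enter %d numbers\n",no);
    for(i=0;i<no;++i)
        if (scanf("%d",&a[i])!=1)
        {
            printf("\n Invalid input\n");
            return;
        }
    printf("Enter the search number\n");
    if (scanf("%d",&srchno)!=1)
    {
        printf("\n Invalid input\n");
        return;
    }
    /* exchange sort, ascending */
    for(i=0;i<no-1;++i)
        for(j=i+1;j<no;++j)
            if(a[i]>a[j])
            {
                temp=a[i];
                a[i]=a[j];
                a[j]=temp;
            }
    printf("\n Sorted array in ascending order\n");
    for(i=0;i<no;++i)
        printf("%5d",a[i]);
    bottom=0;
    top=no-1;
    while(bottom<=top)
    {
        /* written this way so the midpoint cannot overflow */
        mid=bottom+(top-bottom)/2;
        if (a[mid]==srchno)
        {
            found=1;
            break;
        }
        if (a[mid]<srchno)
            bottom=mid+1;
        else
            top=mid-1;
    }
    if(found)
        printf("\n search number is present");
    else
        printf("\n Search number is not present");
}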
2
8
3. PROGRAM TO IMPLEMENT QUICK SORT USING POINTERS.
#include<stdio.h>
/* x holds the values to sort, no is how many were entered, i is a shared
   loop index.
   NOTE(review): x is declared as an array of int pointers, yet main() fills
   it through scanf("%d", &x[i]) and display() prints it with %d. That only
   lines up where int and pointer have the same size - confirm the intended
   element type. */
int *x[100],no,i;
void display();
void sort();
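void main()
{
    /*
     * Reads the values, sorts them with sort(first,last) and prints them.
     * The element count is checked against the 100-slot array before it
     * bounds the input loop, since a larger count writes past x.
     * NOTE(review): x is declared elsewhere as an array of int pointers, so
     * &x[i] does not have the type %d expects - confirm the element type.
     */
    clrscr();
    printf("\n Enter the number of elements\n");
    if (scanf("%d",&no)!=1 || no<1 || no>100)
    {
        printf("\n Number of elements must be between 1 and 100\n");
        return;
    }
    printf("\n Enter %d numbers\n",no);
    for(i=0;i<no;++i)
        if (scanf("%d",&x[i])!=1)
        {
            printf("\n Invalid input\n");
            return;
        }
    sort(0,no-1);
    display();
}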
void display ()
{
    /* Prints the first `no` entries of x, five columns wide, then waits
       for a key press. Uses the file-level index i. */
    printf("\n Sorted elements are:\n");
    i=0;
    while (i<no)
    {
        printf("%5d",x[i]);
        ++i;
    }
    getch();
}
2
9
x[j]=temp;
sort(first,j-1);
sort(j+1,last);
}
}
#include<stdio.h>
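/*
 * Heap sort on x[1..no] (slot 0 is unused, so at most 99 values fit).
 * The values are held as int; the listing declared an array of pointers and
 * compared the pointers, which misorders negative numbers and only works
 * where int and pointer have the same size.
 */
int x[100],no,i;
void buildheap();
void sort();
void main()
{
    clrscr();
    printf("\n Enter the number of elements\n");
    /* indices run 1..no, so the largest usable count is 99 */
    if (scanf("%d",&no)!=1 || no<1 || no>99)
    {
        printf("\n Number of elements must be between 1 and 99\n");
        return;
    }
    printf("\n Enter %d numbers\n",no);
    for(i=1;i<=no;++i)
        if (scanf("%d",&x[i])!=1)
        {
            printf("\n Invalid input\n");
            return;
        }
    buildheap();
    sort();
    printf("\n Sorted elements are:\n");
    for(i=1;i<=no;++i)
        printf("%5d",x[i]);
    getch();
}
/* Turns x[1..no] into a max-heap by sifting each element up in turn. */
void buildheap()
{
    int j,k,temp;
    /* k must reach no; stopping at no-1 left the last element outside
       the heap */
    for(k=2;k<=no;++k)
    {
        i=k;
        temp=x[k];
        j=i/2;
        while((i>1)&&(temp>x[j]))
        {
            x[i]=x[j];
            i=j;
            j=i/2;
        }
        x[i]=temp;
    }
}
/* Repeatedly moves the heap maximum to the end of the shrinking heap and
   sifts the element that took its place back down. */
void sort()
{
    int temp,value,j,k;
    for(k=no;k>=2;--k)
    {
        /* x[k] receives the current maximum; the heap is now x[1..k-1] */
        temp=x[1];
        x[1]=x[k];
        x[k]=temp;
        i=1;
        value=x[1];
        j=2;
        if ((j+1)<k && x[j+1]>x[j])
            j++;            /* j is the larger child */
        while((j<=(k-1))&&(x[j]>value))
        {
            x[i]=x[j];
            i=j;
            j=2*i;
            if ((j+1)<k && x[j+1]>x[j])
                j++;
        }
        /* value is stored once, after its final slot has been found */
        x[i]=value;
    }
}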
#include<stdio.h>
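/*
 * Merge of two arrays: each input is bubble-sorted, then the two are merged
 * into c. A value present in both inputs is stored once.
 * The values are held as int (the listing declared arrays of pointers), and
 * c has room for both inputs together; with 100 slots it overflowed as soon
 * as the two counts added up to more than 100.
 */
int a[100],b[100],c[200],i,j,k,item1,item2;
int merged;     /* number of values sort() actually wrote to c */
void input1(void);
void input2(void);
void bsort(int m[],int n);
void display(void);
void sort(void);
void main()
{
    clrscr();
    printf("\n Enter the number of elements in the first array\n");
    if (scanf("%d",&item1)!=1 || item1<1 || item1>100)
    {
        printf("\n Number of elements must be between 1 and 100\n");
        return;
    }
    printf("\n Enter %d numbers\n",item1);
    for(i=0;i<item1;++i)
        if (scanf("%d",&a[i])!=1)
        {
            printf("\n Invalid input\n");
            return;
        }
    printf("\n Enter the number of elements in the second array\n");
    if (scanf("%d",&item2)!=1 || item2<1 || item2>100)
    {
        printf("\n Number of elements must be between 1 and 100\n");
        return;
    }
    printf("\n Enter %d numbers\n",item2);
    for(i=0;i<item2;++i)
        if (scanf("%d",&b[i])!=1)
        {
            printf("\n Invalid input\n");
            return;
        }
    input1();
    input2();
    sort();
    printf("Sorted merged array is:\n");
    display();
}
/* Sorts and prints the first array. */
void input1(void)
{
    bsort(a,item1);
    printf("\n Sorted first array\n");
    for(i=0;i<item1;++i)
        printf("%d\n",a[i]);
}
/* Sorts and prints the second array. */
void input2(void)
{
    bsort(b,item2);
    printf("\n Sorted second array\n");
    for(i=0;i<item2;++i)
        printf("%d\n",b[i]);
}
/* Bubble sort of m[0..n-1], ascending; stops early once a pass makes no swap. */
void bsort(int m[],int n)
{
    int swap=1,temp;
    for(i=0;i<n && swap==1;++i)
    {
        swap=0;
        for(j=0;j<n-(i+1);++j)
            if (m[j]>m[j+1])
            {
                temp=m[j];
                m[j]=m[j+1];
                m[j+1]=temp;
                swap=1;
            }
    }
}
/* Prints the merged values. Only `merged` entries are valid: values found
   in both inputs are stored once, so the count can be below item1+item2. */
void display(void)
{
    for (i=0;i<merged;++i)
        printf("%d\n",c[i]);
}
/* Merges the sorted arrays a and b into c and records the count in merged. */
void sort(void)
{
    int i,j,k;
    i=j=k=0;
    while ((i<item1)&& (j<item2))
    {
        if (a[i]<b[j])
            c[k++]=a[i++];
        else if (a[i]>b[j])
            c[k++]=b[j++];
        else
        {
            /* equal in both: keep one copy, advance both inputs */
            c[k++]=a[i];
            i++;
            j++;
        }
    }
    while(i<item1)
        c[k++]=a[i++];
    while(j<item2)
        c[k++]=b[j++];
    merged=k;
}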
#include<stdio.h>
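/*
 * Bubble sort of up to 100 integers.
 * The values are held as int (the listing declared an array of pointers and
 * compared the pointers), and the element count is checked against the
 * array capacity before it bounds any loop.
 */
int a[100],i,j,item;
void main()
{
    void sort(),display();
    int i;
    clrscr();
    printf("\n Enter the number of elements in the first array\n");
    if (scanf("%d",&item)!=1 || item<1 || item>100)
    {
        printf("\n Number of elements must be between 1 and 100\n");
        return;
    }
    printf("\n Enter %d numbers\n",item);
    for(i=0;i<item;++i)
        if (scanf("%d",&a[i])!=1)
        {
            printf("\n Invalid input\n");
            return;
        }
    sort();
    display();
}
/* Sorts a[0..item-1] ascending; stops early once a pass makes no swap. */
void sort()
{
    int swap=1,temp;
    for(i=0;i<item && swap==1;++i)
    {
        swap=0;
        for(j=0;j<item-(i+1);++j)
            if (a[j]>a[j+1])
            {
                temp=a[j];
                a[j]=a[j+1];
                a[j+1]=temp;
                swap=1;
            }
    }
}
/* Prints the sorted values one per line and waits for a key press. */
void display()
{
    printf("\n Sorted elements are:\n");
    for(i=0;i<item;++i)
        printf("%d\n",a[i]);
    getch();
}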
OPERATING SYSTEM
3
4
Session 1: Network Configuration
Exercise 1:- Run the following commands and write the use of each command:
a. Ipconfig
Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration
Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays
the IP address, subnet mask, and default gateway for all adapters.
Parameters
/all : Displays the full TCP/IP configuration for all adapters. Without this parameter, ipconfig displays
only the IP address, subnet mask, and default gateway values for each adapter. Adapters can represent
physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.
/renew [Adapter] : Renews DHCP configuration for all adapters (if an adapter is not specified) or for a
specific adapter if the Adapter parameter is included. This parameter is available only on computers with
adapters that are configured to obtain an IP address automatically. To specify an adapter name, type the
adapter name that appears when you use ipconfig without parameters.
/release [Adapter] : Sends a DHCPRELEASE message to the DHCP server to release the current DHCP
configuration and discard the IP address configuration for either all adapters (if an adapter is not specified)
or for a specific adapter if the Adapter parameter is included. This parameter disables TCP/IP for adapters
configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that
appears when you use ipconfig without parameters.
/flushdns : Flushes and resets the contents of the DNS client resolver cache. During DNS troubleshooting,
you can use this procedure to discard negative cache entries from the cache, as well as any other entries
that have been added dynamically.
/displaydns : Displays the contents of the DNS client resolver cache, which includes both entries
preloaded from the local Hosts file and any recently obtained resource records for name queries resolved
by the computer. The DNS Client service uses this information to resolve frequently queried names
quickly, before querying its configured DNS servers.
/registerdns : Initiates manual dynamic registration for the DNS names and IP addresses that are
configured at a computer. You can use this parameter to troubleshoot a failed DNS name registration or
resolve a dynamic update problem between a client and the DNS server without rebooting the client
computer. The DNS settings in the advanced properties of the TCP/IP protocol determine which names are
registered in DNS.
3
5
/showclassid Adapter : Displays the DHCP class ID for a specified adapter. To see the DHCP class ID for
all adapters, use the asterisk (*) wildcard character in place of Adapter. This parameter is available only on
computers with adapters that are configured to obtain an IP address automatically.
/setclassid Adapter [ClassID] : Configures the DHCP class ID for a specified adapter. To set the DHCP
class ID for all adapters, use the asterisk (*) wildcard character in place of Adapter. This parameter is
available only on computers with adapters that are configured to obtain an IP address automatically. If a
DHCP class ID is not specified, the current class ID is removed.
b. Ping
Verifies IP-level connectivity to another TCP/IP computer by sending Internet Control Message Protocol
(ICMP) Echo Request messages. The receipt of corresponding Echo Reply messages is displayed, along
with round-trip times. Ping is the primary TCP/IP command used to troubleshoot connectivity,
reachability, and name resolution. Used without parameters, ping displays help.
C:\>ping example.microsoft.com
Pinging example.microsoft.com [192.168.239.132] with 32 bytes of data:
Reply from 192.168.239.132: bytes=32 time=101ms TTL=124
Reply from 192.168.239.132: bytes=32 time=100ms TTL=124
Reply from 192.168.239.132: bytes=32 time=120ms TTL=124
Reply from 192.168.239.132: bytes=32 time=120ms TTL=124
c. diskperf
Both Logical and Physical Disk Performance counters on this system are automatically enabled on
demand.
For legacy applications using IOCTL_DISK_PERFORMANCE to retrieve raw counters,
you can use -Y or -N to forcibly enable or disable. No reboot is required.
d. Netstat
Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP
routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6,
ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active
TCP connections.
To display both the Ethernet statistics and the statistics for all protocols, type the following command:
netstat -e -s
To display the statistics for only the TCP and UDP protocols, type the following command:
netstat -s -p tcp udp
To display active TCP connections and the process IDs every 5 seconds, type the following command:
netstat -o 5
To display active TCP connections and the process IDs using numerical form, type the following
command:
netstat -n -o
3
6
e. Pathping
Provides information about network latency and network loss at intermediate hops between a source and
destination. Pathping sends multiple Echo Request messages to each router between a source and
destination over a period of time and then computes results based on the packets returned from each router.
Because pathping displays the degree of packet loss at any given router or link, you can determine which
routers or subnets might be having network problems. Pathping performs the equivalent of the tracert
command by identifying which routers are on the path. It then sends pings periodically to all of the routers
over a specified time period and computes statistics based on the number returned from each. Used
without parameters, pathping displays help.
f. Tftp
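Transfers files to and from a remote computer, typically a computer running UNIX, that is running the
Trivial File Transfer Protocol (TFTP) service or daemon. Used without parameters, tftp displays help.
TFTP performs no authentication and no encryption, so any file it serves or accepts is exposed to every
host that can reach the service.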
g. Fc
Compares two files and displays the differences between them.
h. Nbtstat
Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local
computer and remote computers, and the NetBIOS name cache. Nbtstat allows a refresh of the NetBIOS
name cache and the names registered with Windows Internet Name Service (WINS). Used without
parameters, nbtstat displays help.
i. Rcp
Copies files between a Windows XP computer and a system running rshd, the remote shell service
(daemon). Windows XP and Windows 2000 do not provide rshd service. Used without parameters, rcp
displays help.
j. Lpr
Sends a file to a computer running Line Printer Daemon (LPD) in preparation for printing. Used without
parameters, lpr displays command-line help for the lpr command.
Syntax
Lpr [-S ServerID] -P PrinterName [-C BannerContent] [-J JobName] [{-o | -o l}] [-d] [-x] FileName
Tracert
Determines the path taken to a destination by sending Internet Control Message Protocol (ICMP) Echo
Request messages to the destination with incrementally increasing Time to Live (TTL) field values. The
path displayed is the list of near-side router interfaces of the routers in the path between a source host and
a destination. The near-side interface is the interface of the router that is closest to the sending host in the
path. Used without parameters, tracert displays help.
3
7
Nslookup
Displays information that you can use to diagnose Domain Name System (DNS) infrastructure. Before
using this tool, you should be familiar with how DNS works. The Nslookup command-line tool is
available only if you have installed the TCP/IP protocol.
Route
Displays and modifies the entries in the local IP routing table. Used without parameters, route displays
help.
Syntax
route [-f] [-p] [Command [Destination] [mask Netmask] [Gateway] [metric Metric]] [if Interface]]
Lpq
Displays the status of a print queue on a computer running Line Printer Daemon (LPD). Used without
parameters, lpq displays command-line help for the lpq command.
Syntax
lpq -S ServerName -P PrinterName [-l]
Rsh
Runs commands on remote computers running the RSH service or daemon. Windows XP and
Windows 2000 do not provide an RSH service. An RSH service called Rshsvc.exe is provided with the
Windows 2000 Server Resource Kit. Used without parameters, rsh displays help. Rsh and rcp rely on
host-based trust and send commands and data in clear text, which is why SSH is the usual replacement.
Syntax
rsh [Host] [-l UserName] [-n] [Command]
Chkdsk
Creates and displays a status report for a disk based on the file system. Chkdsk also lists and corrects
errors on the disk. Used without parameters, chkdsk displays the status of the disk in the current drive.
Syntax
chkdsk [volume:][[Path] FileName] [/f] [/v] [/r] [/x] [/i] [/c] [/l[:size]]
Hostname
Displays the host name portion of the full computer name of the computer.
net account
The syntax of this command is:
Exercise 2:
3
8
Arp
Displays and modifies entries in the Address Resolution Protocol (ARP) cache, which contains one or
more tables that are used to store IP addresses and their resolved Ethernet or Token Ring physical
addresses. There is a separate table for each Ethernet or Token Ring network adapter installed on your
computer. Used without parameters, arp displays help.
C:\Documents and Settings\sandipo>arp -a
Exercise 3:
Ipxroute
Displays and modifies information about the routing tables used by the IPX protocol. Used without
parameters, ipxroute displays the default settings for packets that are sent to unknown, broadcast, and
multicast addresses.
Syntax
ipxroute servers [/type=x]
ipxroute ripout network
ipxroute resolve {guid | name} {guid | AdapterName}
ipxroute board=n [def] [gbr] [mbr] [remove=xxxxxxxxxxxx]
ipxroute config
Parameters
servers [/type=x] : Displays the Service Access Point (SAP) table for the specified server type. x must be
an integer. For example, /type=4 displays all file servers. If you do not specify /type, ipxroute servers
displays all types of servers, listing them by server name.
ripout network : Discovers if network is reachable by consulting the IPX stack's route table and sending
out a rip request if necessary. Network is the IPX network segment number.
resolve {guid | name} {guid | AdapterName} : Resolves the name of the guid to its friendly name, or the
friendly name to its guid.
board=n : Specifies the network adapter for which to query or set parameters.
def : Sends packets to the ALL ROUTES broadcast. If a packet is transmitted to a unique Media Access
Card (MAC) address that is not in the source routing table, ipxroute sends the packet to the SINGLE
ROUTES broadcast by default.
gbr : Sends packets to the ALL ROUTES broadcast. If a packet is transmitted to the broadcast address
(FFFFFFFFFFFF), ipxroute sends the packet to the SINGLE ROUTES broadcast by default.
mbr : Sends packets to the ALL ROUTES broadcast. If a packet is transmitted to a multicast address
(C000xxxxxxxx), ipxroute sends the packet to the SINGLE ROUTES broadcast by default.
remove=xxxxxxxxxxxx : Removes the given node address from the source routing table.
config : Displays information about all of the bindings for which IPX is configured.
Exercise 4:
With Netsh.exe you can easily view your TCP/IP settings. Type the following command in a Command
Prompt window (CMD.EXE):
With Netsh.exe, you can easily configure your computer's IP address and other TCP/IP related
settings. For example:
The following command configures the interface named Local Area Connection with the static IP address
192.168.0.100, the subnet mask of 255.255.255.0, and a default gateway of 192.168.0.1:
netsh interface ip set address name="Local Area Connection" static 192.168.0.100 255.255.255.0
192.168.0.1
Exercise 6:
Routing is configured on a W2K Server / Windows Server 2003 machine by use of the RRAS snap-
in. However, this console is NOT available on a W2K Pro or XP Pro machine.
If you have 2 small network segments populated with no more than a handful of computers per
segment, you CAN use a W2K Pro / XP Pro machine as a router between these segments.
First, you need to install at least 2 NICs on the machine.
Now you need to configure each NIC with the appropriate IP address for the segments that it's
connected to.
Next, you need to configure that IP as the Default Gateway for all the computers on that NIC.
For example, if you have 2 segments (we'll call them Segment A and Segment B respectively) with
the following Network IDs:
Segment A - 192.168.0.0/24
Segment B - 192.168.1.0/24
NIC A - 192.168.0.1
NIC B - 192.168.1.1
Then the IP addresses of NIC A and NIC B will be the Default Gateways for segment A and B
respectively.
Next, you need to configure IP Routing between the segments. As I said, this feature is not
configurable via any GUI in W2K Pro and XP Pro, so you'll need to edit the registry:
2. In the registry navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
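3. Select the "IPEnableRouter" entry (by default the value is 0) and change its value to 1. This makes the machine forward IP packets between all of its network adapters without any filtering, so enable it only on a host that is meant to act as a router.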
4. Close Regedit.
5. Reboot.
Key
context may be any of:
DHCP, ip, ipx, netbeui, ras, routing,
autodhcp, dnsproxy, igmp, mib, nat, ospf, relay, rip, wins.
/exec script_file_name
Load the script file and execute commands from it.
/offline
Set the current mode to offline.
Changes made in this mode are saved, but require a "commit"
or "online" command to be set in the router.
/online
Set the current mode to online.
Changes in this mode are immediately reflected in the router.
/commit Commit any changes made in the offline mode to the router.
/delete helper .dll file name
Remove the helper .dll file from Netsh.exe.
/alias [alias_name]
Display the string value of the alias.
/unalias alias_name
Delete an alias.
Session 5:-
Exercise 2: Add different users and groups. Also configure their permission.
When you add a user to your computer, you are allowing that individual to have access to files and
programs on your computer.
The steps to perform this task differ depending on whether your computer is a member of a network
domain or is part of a workgroup (or is a stand-alone computer).
My computer is on a domain
You must be logged on as an administrator or a member of the Administrators group in order to complete
this procedure. If your computer is connected to a network, network policy settings might also prevent you
from completing this procedure.
Add New User gives an existing domain user permission to use the computer.
You can only add existing domain users by using User Accounts. To add a new local user, on the
Advanced tab, click the Advanced button. In Local Users and Groups, click Users, and then on
the Action menu, click New User.
You should not add a new user to the Administrators group unless the user will perform only
administrative tasks. For more information, click Related Topics.
The name you assign to the account is the name that will appear on the Welcome screen and the
Start menu.
The first user you add to the computer must be assigned a computer administrator account.
When your computer is part of a network domain, users are assigned to user groups and are granted the
rights and permissions granted to the group. When your computer is part of a workgroup or is a stand-
alone computer, users are assigned types of user accounts and are granted the rights and permissions
associated with the user account.
The steps to perform this task differ depending on whether your computer is a member of a network
domain or is part of a workgroup (or is a stand-alone computer).
Exercise 3:- Connect and configure your computer with a Network Printer.
1. Connect the printer to the appropriate port on your computer according to the printer
manufacturer's documentation, and verify that it is ready to print.
2. Although Windows automatically detects and installs most printers, you might need to
provide additional information to complete the installation. Choose from the following,
depending on the type of printer you have.
3. If you could not install your printer using Plug and Play , or if the printer is attached to
your computer with a serial (COM) port, then open Printers
4. Double-click Add Printer to start the Add Printer wizard, and then click Next.
In Windows 2000 Server, the Add Printer wizard shares the printer and publishes it in
Active Directory by default, unless you select Do not share this printer in the wizard's
Printer Sharing screen. In Windows 2000 Professional, the Add Printer wizard doesn't
share the printer automatically; you need to select Share as to share and publish the
printer.
To open Printers, click Start, point to Settings, and then click Printers.
If you add and set up a Plug-and-Play printer (USB, IEEE 1394, LPT, Infrared, etc.), you do
not need to have administrative privileges. However, to add and set up a non Plug-and-Play
printer connected directly to your computer, you must be logged on as an administrator or a
member of the Administrators group. If your computer is connected to a network, network
policy settings may also prevent you from completing this procedure.
If you intend to share the printer with clients other than Windows 2000, you need to install
the appropriate printer drivers for these clients on the print server. When clients on
Windows NT 4.0, Windows 95, and Windows 98 connect to the printer, the system
automatically downloads the correct driver to the client.
When you are adding a new printer that is connected to a computer and the Add Printer
wizard prompts you to select the printer port, you normally select from the Existing list one
of the parallel (LPT) ports. For some plotters you might need to select one of the serial
(COM) ports.
The following Group Policy settings can change the default behavior of the Windows 2000
Server Add Printer wizard:
Allow printers to be published is enabled by default; you can disable it to prevent printers
from being published.
Automatically publish new printers in the Active Directory is enabled by default; you
can disable it to prevent the Add Printer wizard from automatically publishing printers when
adding a new printer.
Display the down level page in the Add Printer wizard is enabled by default; you can
disable it to prevent the Add Printer wizard from browsing the network for shared printers.
Share your printer
To share your printer
1. Open Printers
2. Right-click the printer you want to share, and then click Sharing.
3. On the Sharing tab, click Shared as and then type a name for the shared printer
If you share the printer with users on different hardware or different operating systems,
click Additional Drivers. Click the environment and operating system for the other
computers, and then click OK to install the additional drivers
If you are logged on to a Windows 2000 domain , you can make the printer available
to other users on the domain by clicking List in the Directory to publish the printer in
the Directory.
Note
To open Printers, click Start, point to Settings, and then click Printers.
Printers are not shared by default when you install them on Windows 2000 Professional, but
you can choose to share any printer you install on your computer. (On Windows 2000
Server, the printer is shared by default when you add the printer.)
When you publish a printer in Active Directory , other users logged onto the
Windows 2000 domain will be able to search for the printer based on its location and
features such as how many pages it prints per minute and whether color printing is
supported.
1. Open Printers
2. Right-click the printer for which you want to set permissions, click Properties, and then
click the Security tab.
3. Do one of the following:
To set up permissions for a new user or group, click Add. In Name, type the
name of the user or group you want to set permissions for, click Add, and then
click OK to close the dialog box.
4. In Permissions, click Allow or Deny for each permission you want to allow or deny, if
necessary. Or, to remove the user or group from the permissions list, click Remove.
Note
To change device settings, you must have the Manage Printers permission. For information
about printing security permissions, see Related Topics.
To open Printers, click Start, point to Settings, and then click Printers.
To view or change the underlying permissions that make up Print, Manage Printers, and
Manage Documents, click the Advanced button.
A printer must be shared in order for the permission settings to affect the users and groups
listed.
You can also view the permissions assigned to you by clicking the group you belong to on
the Security tab. For information on finding out what group you belong to, see Related
Topics.
Exercise 4:- Install and configure Windows 2000 Active Directory and Domain Controller.
You can install Active Directory by selecting "Start", "Run", and typing "Dcpromo.exe" in the text box or
follow the following selections:
Internet Explorer 4.01 or later must be installed on any system that the Directory Service Client is to be
installed on in order for the install wizard to run. To install Directory Service Client:
4. Type "cd \clients\win9x" and type "dsclient".
5. Follow the wizard prompts to complete the installation.
DNS
DNS is required to use Active Directory since clients use DNS to locate Active Directory controllers.
Servers and client computers register their names and IP addresses with the DNS server. The DNS server
must support Service Resource Records (SRVs) according to RFC 2052 and dynamic update protocol
according to RFC 2136. DNS can be installed with the Active Directory server or on a separate DNS
server.
In each child domain, Active Directory must be installed on the first domain controller.
Domain Controllers hold copies of the user database and authenticate users in a Windows NT and
Windows 2000 Domain structure. In Windows NT, a domain contained a single Primary Domain
Controller (PDC) and several Backup Domain Controllers (BDC). In Windows 2000 there are no official
Primary Domain Controllers, only Domain Controllers (some of which can have special attributes). We've
put together a few resources to help you manage all of your domain controllers and keep them healthy.
You can continue the configuration at this time, but you can also choose to close this window
and configure other items on the system or install some other software, because this window
will be shown at each new logon until you have completed the configuration and selected that this
window will NOT be displayed anymore.
You can display
this
window at any
time by
selecting in the
menu
"Configure
Your Server",
which is part of
the
"Administrative
Tools"
There are multiple possibilities to configure a server for "Active Directory", depending on
whether you have a small network with just one server or a larger network with multiple servers or
even a WAN with servers in multiple countries.
In this installation example below, I assume that this is the only Windows 2000 server on the
network.
If you have no special needs for the configuration, then you can simply follow the instructions
of this wizard to configure your system:
- select "This is the only server in my network"
- continue with "Next":
This selection would "automatically configure" the server with all required components:
- the Active Directory
- a DHCP-server
- a DNS-server (which is required for the Active Directory)
Before allowing this wizard to completely reconfigure my system, I requested to
"Show more details":
The wizard would define for me the IP-address for the server and the subnet for my
complete network , which I did not like: I needed to use a different IP-address.
I decided therefore to cancel this step and to follow the advice to go back to "Home"
to select the other option : "One or more servers are already running in my network" :
No more fully automated installation by a wizard:
We need now to select manually the services to be installed from the menu on the left.
You have the
possibility to
read more about the
details
of domain
controller and
on how to define
multiple
domain-controllers
in a network.
( since this example
assumes only
ONE Windows
2000 server on the
network, I will not
discuss here the
terms "Tree" and
"Forest")
Important:
the installation of
the Active Directory
requires that at least
ONE partition
on the hard disk is
formatted with
NTFS.
If you do not yet
have such a
partition, you can
cancel here the
installation of the
Active Directory,
prepare a partition
in NTFS and
then restart this
configuration.
It is up to you to
decide, which
partition to use with
NTFS.
I personally prefer
to keep the
C-drive ("system
drive") in
FAT format, so I
formatted in this
example the F-drive
in NTFS .
Continue the
installation with
"Start the Active
Directory Wizard"
just "Next"
Again, we are installing a
first domain controller and
for this domain, we need to
create a new domain tree.
It is now required to define
the name of the new domain.
To avoid problems,
I am
redefining my
domain name
to be now:
"JHHOME.COM",
which looks like an
Internet
Domain name.
(I am not sure, but if
you insist on
using no "dot-
something",
Windows
2000 will add itself
".DOM" )
While a network
with ONLY
Windows2000
systems can
work using only
DNS, any
network with
"legacy"
versions of
Windows
(WfW,
Windows95/98/ME,
Windows NT4)
requires the
use of "NetBIOS",
either
using "NetBEUI"
-protocol or
using "NetBIOS
over TCP/IP",
for which I need to
define a
NetBIOS
compatible Domain
name.
Here I can use now
the name
of the workgroup,
which I
like to change to a
domain.
You need to define
the location
for the database and
Log-file
for the Active
Directory.
Remember the
window with
the information on
the
Active Directory
stating the
need for a partition in
NTFS ?
partition must be
NTFS
(since it is not
possible to use a
FAT
-partition to define
Access rights)
Again the question:
will you have a network
with
some "legacy" systems
(= all pre-Windows
2000,
like
Windows95/98/ME/NT4)
The summary of all the
information collected in
the
previous steps.
It will need to install DNS
Finished !
After making the Logon, you will be shown again the window for "Configure Your Server":
the information has changed, since you did already make the basic configuration.
You can now select to NOT "Show this screen at startup".
If you need to change your configuration and make the system again a Stand-alone server,
you can un-install Active Directory.
Exercise 6:
Figure 1. Sharing a folder on a network
5. To change the name of the folder on the network, type a new name for the folder in the Share name
text box. This will not change the name of the folder on your computer.
Note The Sharing option is not available for the Documents and Settings, Program Files, and Windows
system folders. In addition, you cannot share folders in other users’ profiles.
To set, view, change, or remove file and folder permissions
1. Open Windows Explorer, and then locate the file or folder for which you want to set permissions. To
open Windows Explorer, click Start, point to All Programs, point to Accessories, and then click
Windows Explorer.
2. Right-click the file or folder, click Properties, and then click the Security tab as shown in Figure 2
below.
Figure 2. Setting file and folder permissions
3. To set permissions for a group or user that does not appear in the Group or user names box, click Add.
Type the name of the group or user you want to set permissions for and then click OK, as shown in
Figure 3 below.
• In Windows XP Professional, the Everyone group no longer includes Anonymous Logon.
• You can set file and folder permissions only on drives formatted to use NTFS.
• To change permissions you must be the owner, or have been granted permission to do so by the owner.
• Groups or users granted Full Control for a folder can delete files and subfolders within that folder
regardless of the permissions protecting the files and subfolders.
• If the check boxes under Permissions for user or group are shaded or if the Remove button is
unavailable, then the file or folder has inherited permissions from the parent folder.
• When adding a new user or group, by default, this user or group will have Read & Execute, List Folder
Contents, and Read permissions.
Exercise:-7
If you've previously installed TCP/IP, it will appear in the list of installed protocols. If this is the case, you
should skip to the "Configuring TCP/IP" section of this document below. If it is not in the list, you will need
to install it.
To install the TCP/IP protocol,
Configuring TCP/IP
To configure the TCP/IP protocol, go to the Network and Dial-up Connections Control Panel (right-click
"My Network Places" and choose "Properties") and right-click on "Local Area Connection". Choose the
"Properties" from the menu. Highlight the TCP/IP entry and press the "Properties" button.
Check both the Obtain an IP address automatically and the Obtain DNS server address automatically
radio buttons. Click on the Advanced button.
STEPS 5 and 6 are extremely important.
Click on the DNS tab at the top of the screen.
Locate the check box next to Register this connection's addresses in DNS towards the bottom of the
screen. If the box is checked, uncheck it. If it is already unchecked, leave it alone.
Click OK to close this dialog box, and close the Network control panel. You will need to reboot your
computer for the changes to take effect.
Exercise 8:
The Domain Name System (DNS) is the Active Directory locator in Windows 2000. Active
Directory clients and client tools use DNS to locate domain controllers for administration and logon.
You must have a DNS server installed and configured for Active Directory and the associated client
software to function correctly. This article guides you through the required DNS configuration.
Configure the DNS Server Using DNS Manager
These steps guide you through configuring DNS by using the DNS Manager snap-in in Microsoft
Management Console (MMC).
1. Click Start, point to Programs, point to Administrative Tools, and then click DNS Manager.
You see two zones under your computer name: Forward Lookup Zone and Reverse Lookup
Zone.
2. The DNS Server Configuration Wizard starts. Click Next.
3. If the Wizard does not auto-start, right-click your server name object in the DNS Manager
console and choose Configure your Server.
4. Choose to add a forward lookup zone. Click Next. The new forward lookup zone must be a
primary zone so that it can accept dynamic updates. Click Primary, and then click Next.
5. The zone name must be exactly the same as your Active Directory Domain name, or, if on a
stand-alone or workgroup environment - the same as the suffix for all of the network
computers that are to register with this DNS server. Type the name of the zone, and then
click Next.
6. Accept the default name for the new zone file. Click Next.
8. Click Primary, and then click Next.
9. Type the name of the zone, and then click Next. The zone name should match the Network
ID of your local subnet. For example, if your subnet range is from 192.168.0.1 to
192.168.0.254, type 192.168.0 in the name value.
10. Accept the default name for the new zone file. Click Next.
After the Server Configuration Wizard is finished, DNS Manager starts. Proceed to the next step to
enable dynamic update on the zone you just added.
A caching-only DNS server reduces outgoing DNS traffic and speeds up name resolution. It receives
queries from clients, performs the queries against other name servers, caches the results, and returns those
results to the client. In this Windows 2000 Server tip, Jim Boyce tells you how to configure a caching-only
DNS forwarder.
If you want to reduce network traffic for DNS and improve DNS lookup, one solution is to create a
caching DNS forwarder on your network. A caching-only DNS server receives queries from clients,
performs the queries against other name servers, caches the results, and returns those results to the client.
It then returns subsequent queries for the specified host from the cache instead of submitting them to an
external server. This reduces outgoing DNS traffic and speeds up name resolution.
You can set up a caching-only server by configuring the DNS service with one or more forwarders, which
are upstream DNS servers to which the local DNS server will forward queries (essentially acting as a DNS
client).
You can configure the DNS service to work with forwarders either nonexclusively or exclusively. In
nonexclusive mode, the DNS server checks its cache for the host. If the lookup fails, it forwards the query
to the specified forwarder. If that query fails, the DNS server attempts to resolve the query on its own
through the root servers.
In exclusive mode, the DNS service also checks its cache. If the lookup fails, it forwards the query to the
forwarder.
If the upstream servers fail the query, the DNS server doesn't attempt resolution on its own; instead, it fails
the query to the client. A DNS server acting in exclusive mode with a forwarder is a caching-only slave.
1. Open the DNS console, right-click the server, and choose Properties.
2. On the Forwarders tab, choose Enable Forwarders, and add the IP addresses of the upstream DNS
servers to which you want to forward queries.
3. If you want the DNS service to work in exclusive mode, select the Do Not Use Recursion option.
4. Click OK to apply the change.
Keep in mind that restarting the server will clear the DNS cache, so a caching-only server works best when
it's been running for an extended period of time.
Exercise 9
Note that Windows 2000-based DNS servers should point to themselves for DNS. If this server needs to
resolve names from its Internet service provider (ISP), you should configure a forwarder. Forwarders
are discussed later in this article.
10. Click OK to close Advanced TCP/IP Settings properties.
11. Click OK to accept the changes to your TCP/IP configuration.
12. Click OK to close Local Area Connections properties.
NOTE: If you receive a warning from the DNS Caching Resolver service, click OK to dismiss the
warning. The caching resolver is trying to contact the DNS server, but you have not finished
configuring the server.
Step 2: Install Microsoft DNS Server
1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs.
3. Click Add and Remove Windows Components.
4. The Windows Components Wizard starts. Click Next.
5. Click Networking Services, and then click Details.
6. Click to select the Domain Name System (DNS) check box, and then click OK.
7. Click OK to start server Setup. The DNS server and tool files are copied to your computer.
Step 3: Configure the DNS Server Using DNS Manager
These steps guide you through configuring DNS by using the DNS Manager snap-in in Microsoft
Management Console (MMC).
1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
2. Right-click Forward lookup zones, and then click New Zone.
3. When the New Zone Wizard starts, click Next. You are then prompted for a zone type. The zone types
include:
• Active Directory-integrated: An Active Directory-integrated zone stores the DNS zone information
in Active Directory instead of in a .dns file.
• Standard primary: A standard primary zone stores the DNS zone information in a .dns text file instead
of in Active Directory.
• Standard secondary: A standard secondary zone copies all of the information from its master DNS
server. A master DNS server can be an Active Directory, primary, or secondary zone that is
configured for zone transfers. Note that you cannot modify the zone data on a secondary DNS server.
All of its data is copied from its master DNS server.
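4. The new forward lookup zone must be a primary or an Active Directory-integrated zone so that it can
accept dynamic updates. Click Primary, and then click Next. Keep in mind that a standard primary zone
cannot require secure dynamic updates; only an Active Directory-integrated zone can restrict updates
to authenticated clients.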
5. The new zone contains the locator records for this Active Directory-based domain. The name of the zone
must be the same as the name of the Active Directory-based domain, or be a logical DNS container for
that name. For example, if the Active Directory-based domain is named "support.microsoft.com", the only
valid zone name is "support.microsoft.com".
6. Accept the default name for the new zone file. Click Next.
NOTE: Experienced DNS administrators may want to create a reverse lookup zone, and are encouraged
to explore this branch of the wizard. A DNS server can resolve two basic requests: a forward lookup and
a reverse lookup. A forward lookup is more common. A forward lookup resolves a host name to an IP
address with an "A" or Host Resource record. A reverse lookup resolves an IP address to a host name
with a PTR or Pointer Resource record. If you have your reverse DNS zones configured, you can
automatically create associated reverse records when you create your original forward record. For
additional information about reverse DNS configuration, click the following article number to view the
article in the Microsoft Knowledge Base:
174419 How to configure a subnetted reverse lookup zone on Windows NT, Windows 2000, or Windows
Server 2003
A Windows 2000-based DNS server follows specific steps in its name-resolution process. A DNS server
first queries its cache, then it checks its zone records, then it sends requests to forwarders, and finally it
tries resolution by using root servers.
By default, a Microsoft DNS server connects to the Internet to further process DNS requests with root
hints. When you use the Dcpromo tool to promote a server to a domain controller, the domain controller
requires DNS. If you install DNS during the promotion process, you get a root zone. This root zone
indicates to your DNS server that it is a root Internet server. Therefore, your DNS server does not use
forwarders or root hints in the name-resolution process.
To Remove the Root DNS Zone
1. In DNS Manager, expand the DNS Server object. Expand the Forward Lookup Zones folder.
2. Right-click the "." zone, and then click Delete.
Windows 2000 can take advantage of DNS forwarders. This feature forwards DNS requests to
external servers. If a DNS server cannot find a resource record in its zones, it can send the request to
another DNS server for additional attempts at resolution. A common scenario might be to configure
forwarders to your ISP's DNS servers.
To Configure Forwarders
1. In DNS Manager, right-click the DNS Server object, and then click Properties.
2. Click the Forwarders tab.
3. Click to select the Enable Forwarders check box.
4. In the IP address box, type the first DNS server to which you want to forward, and then click Add.
5. Repeat step 4 until you have added all the DNS servers to which you want to forward.
To Configure Root Hints
Windows includes the ability to use root hints. The Root Hints resource records can be stored in either
Active Directory or text files (%SystemRoot%\System32\DNS\Cache.dns files). Windows uses the
standard InterNIC root server. Also, when a Windows 2000-based server queries a root server, it updates
itself with the most recent list of root servers.
1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
2. In the DNS Management console, right-click the server name, and then click Properties.
3. Click the Root Hints tab. Your DNS server's root servers are listed on this tab.
If the Root Hints tab is unavailable, your server is still configured as a root server. See the "To Remove
the Root DNS Zone" section in this article. You may need to use custom root hints that are different from
the default. However, a configuration that points to the same server for root hints is always incorrect.
You should not modify your root hints. If your root hints are incorrect and need to be replaced, see the
following Microsoft Knowledge Base article:
Session 6:-
To install the DHCP Service on an existing Windows 2000 Server:
1. Click Start, click Settings, and then click Control Panel.
2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.
3. In the Windows Component Wizard, click Networking Services in the Components box, and then
click Details.
4. Click to select the Dynamic Host Configuration Protocol (DHCP) check box if it is not already
selected, and then click OK.
5. In the Windows Components Wizard, click Next to start Windows 2000 Setup. Insert the Windows
2000 Advanced Server CD-ROM into the CD-ROM drive if you are prompted to do so. Setup copies the
DHCP server and tool files to your computer.
6. When Setup is complete, click Finish.
When you install and configure the DHCP service on a domain controller, the server is typically
authorized the first time that you add the server to the DHCP console. However, when you install and
configure the DHCP service on a member server, you need to authorize the DHCP server.
Note A stand-alone DHCP server cannot be authorized against an existing Windows Active Directory.
Note You must be logged on to the server with an account that is a member of the Enterprise
Administrators group.
2. In the console tree of the DHCP snap-in, select the new DHCP server. If there is a red arrow in the
bottom-right corner of the server object, the server has not yet been authorized.
3. Right-click the server, and then click Authorize.
4. After a few moments, right-click the server again and then click Refresh. The server should display a
green arrow in the bottom-right corner to indicate that the server has been authorized.
To create a new scope:
1. Click Start, click Programs, point to Administrative Tools, and then click DHCP.
Note In the console tree, select the DHCP server on which you want to create the new DHCP scope.
2. Right-click the server, and then click New Scope. In the New Scope Wizard, click Next, and then type a
name and description for the scope. This can be any name that you choose, but it should be descriptive
enough to identify the purpose of the scope on your network. For example, you might use Administration
Building Client Addresses.
3. Type the range of addresses that can be leased as part of this scope, for example, a starting IP address of
192.168.100.1 to an ending address of 192.168.100.100. Because these addresses are given to clients,
they should all be valid addresses for your network and not currently in use. If you want to use a different
subnet mask, type the new subnet mask. Click Next.
4. Type any IP addresses that you want to exclude from the range you entered. This includes any addresses
that may have already been statically assigned to various computers in your organization. Click Next.
5. Type the number of days, hours, and minutes before an IP address lease from this scope expires. This
determines the length of time that a client can hold a leased address without renewing it. Click Next to
select Yes, I want to configure these options now, and then extend the wizard to include settings for the
most common DHCP options. Click Next.
6. Type the IP address for the default gateway that should be used by clients that obtain an IP address from
this scope. Click Add to place the default gateway address into the list, and then click Next.
Note When DNS servers already exist on your network, type your organization's domain name in Parent
domain. Type the name of your DNS server, and then click Resolve to ensure that your DHCP server
can contact the DNS server and determine its address. Then click Add to include that server in the list of
DNS servers that are assigned to the DHCP clients. Click Next.
7. Click Yes, I want to activate this scope now, to activate the scope and allow clients to obtain leases
from it, and then click Next. Click Finish.
Troubleshooting
• Clients are unable to obtain an IP address
If a DHCP client does not have a configured IP address, it generally means that the client has not been
able to contact a DHCP server. This is either because of a network problem or because the DHCP server
is unavailable. If the DHCP server has started and other clients have been able to obtain a valid address,
verify that the client has a valid network connection and that all related client hardware devices
(including cables and network adapters) are working properly.
• The DHCP server is unavailable
When a DHCP server does not provide leased addresses to clients, it is often because the DHCP service
has failed to start. If this is the case, the server may not have been authorized to operate on the network.
If you were previously able to start the DHCP service, but it has since stopped, use Event Viewer to
check the system log for any entries that may explain the cause.
Note To restart the DHCP service, click Start, click Run, type cmd, and then press ENTER. Type net
start dhcpserver, and then press ENTER.
Exercise 5
To install WINS, DNS, DHCP, and the other networking options that are included in Windows 2000, use
the following steps:
1. Click Start, point to Settings, click Control Panel, and then double-click Add/Remove Programs.
2. Click Add/Remove Windows Components.
3. In the Windows Components Wizard, click Networking Services, and then click Details. You can add or
remove networking services components in this window.
Exercise 6:-
Configuration
4) Advance to the next window of options by clicking Next. Select the third option: Connect to a private
network through the Internet.
6) Type in the VPN server address: "inside.mcgill.ca".
7) Optional: make this available under your log-in only or for everyone. Click Next.
8) Assign a name ("McGill VPN") to the connection and click Finish.
Connecting
1) If you are running firewall software, please note that to connect to the VPN you must open TCP port 1723
for the PPTP control channel and also allow GRE (IP protocol 47), which carries the tunneled data.
2) Next, connect to your ISP as you normally would.
3) After you have established a connection to the Internet, to connect to the VPN server, double click on
the VPN icon located on your desktop.
4) Enter your username and password and click the Connect button.
User name: firstname.lastname
Password: DAS password
5) You will see a Connection Established window once you have successfully connected to VPN.
Exercise 7
Microsoft DFS (Distributed file system) Windows NT/Windows 2000 includes Microsoft's new
hierarchical distributed file system. DFS is a true distributed file system that lets administrators create
custom hierarchical trees that group file resources from anywhere in the organization.
Microsoft DFS is designed to make it easier to access files on networks. It provides a way to unite files on
different computers under a single name space. To the user, files appear as if they are in one location,
rather than on separate computers. A hierarchical tree provides a view of these files, and users can "drill
down" through the tree to find just the information they are looking for.
The user does not need to know or care about the physical location of the file, only where it is located in
the hierarchical view. That means that users no longer search for files by opening file servers and disk
drives, and looking through a separate directory structure on each. Instead, users look through a logical
directory that places shared information in a place that makes more sense to users and administrators alike.
With DFS, an administrator does up-front work to logically organize information, so users don't have
trouble finding it later on.
As an analogy, think of a city library system in which the book catalog at each library lists all the books
available at libraries throughout the city. You can order any book and it will be delivered from its current
location. The important point is that there is one library catalog system that provides a list of all the books
available, no matter what their physical location. DFS provides a single "catalog" view of files on your
network, no matter where those files are located.
In Windows 2000, DFS takes advantage of the Active Directory. The DFS tree topology is
automatically published to the Active Directory, resulting in fault tolerance for the DFS root.
Users can access information with DFS's hierarchical view of network resources. Administrators
can create custom views to make file access easier for users.
Volumes consist of individual shares, and those shares can be at many different locations. A share
can be taken offline without affecting the rest of the volume. The volumes that you add to a DFS
root are the leaves or branch nodes that represent shared network directories.
User access to DFS volumes is controlled with standard Windows NT/Windows 2000 security,
such as group access rights.
To ensure that critical data is always available, administrators can set up alternate locations for
accessing data by simply including the alternate locations under the same logical DFS name.
Client software automatically chooses to use data on a server that is closest to the user. If one of
the locations goes down, another location is automatically selected.
Response time can be improved by load balancing the system. Often-accessed files can be stored
in multiple locations, and the system will automatically distribute requests across the drives to
balance traffic during peak usage periods.
Users don't need to know about the physical location of files. Administrators can physically move
files to other drives; but to the user, the files still appear under the same location in the
hierarchical tree.
Client access to shares is cached to improve performance. The first time a user accesses a
published directory, the information is cached and used for future references.
DFS simplifies enterprise backups. Since a DFS tree can be built to cover an entire enterprise, the
backup software can back up this single "tree," no matter how many servers/shares are part of the
tree. The tree can include Windows 95 and Windows NT/Windows 2000 desktops as well.
A graphical administration tool makes it easy to configure volumes, DFS links, and remote DFS
roots.
DFS fits into an organization's Internet and intranet strategy. The Web page of individual departments or
even users can be included within the directory tree. DFS can also hold HTML links; so, if linked pages
are moved to a different physical location, all links pointing to the pages will not have to be reconfigured.
DFS Volumes
A DFS volume starts out by being hosted by a specific computer. There may be many individual DFS
volumes available on a network, and each will have its own distinct name. Windows NT/Windows 2000
servers are currently the only systems that can host DFS volumes. An organization might have a master
DFS volume that contains links to other DFS volumes at the department or division level. Another volume
might tie together shares that are common in each department, such as public documents.
In the DFS volume name shown here, the hosting computer name is Server_Name:
Like a local file system, a DFS volume has a root that is its starting point. This is represented by
DFS_Share_Name. The reference to path\name can be any valid pathname.
Exercise 8:-
The Microsoft Certificate Server (MCS) enables you to install the Certificate Server service as either its
own Root Certificate Authority (Root CA) or as a service that will use an external (public) Certificate
Authority (non-Root CA). These two configurations require very different configuration processes, and are
mutually exclusive. Your Certificate Server can be either a Root CA or a non-Root CA, but not both.
Before you install the MCS on your server, you need to evaluate how you are going to use it. For example,
if you intend to use the MCS to provide your corporate intranet users with secure communications, then you
would want to install the MCS as a Root CA, whose own root certificate is self-signed, and issue certificates
from it to your servers and users.
However, if you intend to use the MCS on your Internet server to provide your Internet users with secure
communications so they can safely provide confidential purchasing information (such as credit card
numbers), then you would want to install the MCS as a non-Root CA and obtain a validating certificate
from an external CA such as VeriSign.
Because of the differences between installing the MCS for external (non-Root CA) and internal (Root-CA)
use, we have described each of these uses separately later in this chapter, following the section on
installation.
To install the Microsoft Certificate Server, you must install the Windows NT 4.0 Option Pack using the
Custom option, and select the Certificate Server for installation. You have two distinct options for
installing Certificate Server:
Installing MCS as a stand-alone Certificate Authority by specifying it as the Root CA (commonly
used for intranet implementations)
Installing MCS to use a public Certificate Authority hierarchy by specifying it as a non-Root CA
(commonly used for Internet servers)
This selection is significant in determining where the certificates supplied by MCS derive their validation
(from your enterprise or from a public agency verifying your identity). This important option is selected in
step 2 in the following list.
Note: Certificate Server cannot be installed on a Windows NT Server that is a Backup Domain Controller
(BDC). The Certificate Server must either be installed on a Primary Domain Controller (PDC) or a stand-
alone Server.
During the installation of the Windows NT 4.0 Option Pack, you are prompted with several dialog boxes
to configure the Certificate Server settings.
The following list walks you through the dialog boxes used in installing Certificate Server:
1. Following the installation dialog boxes for SMTP, NNTP, and MSMQ (if selected), the Windows
NT 4.0 Option Pack installation process switches to installing the Certificate Server, and you are
prompted with several dialog boxes to configure Certificate Server settings.
You must set the following options in the Microsoft Certificate Server Setup dialog box:
The Configuration Data Storage Location must be set to a local directory that is shared
on the network, so users can access and install certificates. The local pathname for this
shared directory must be specified in full, including the drive letter (for example,
D:\CertFile).
The Database Location folder defaults to the %systemroot%\system32\CertLog
directory, but it can be modified by clicking Browse and selecting a different directory.
The Log Location folder also defaults to the %systemroot%\system32\CertLog
directory, and may be changed by clicking Browse and selecting a different directory.
The Show Advanced Configuration checkbox, by default, is not selected, and the
defaults for MCS specify that it will install as a Root CA. This default is acceptable only
if you are going to use the MCS as a Root CA on your intranet. If you want to employ
this installation of MCS on an Internet server, you will likely want to setup MCS as a
non-Root CA and obtain a server certificate from a public CA source (such as VeriSign).
Note: This option is very important in the installation of MCS, because you cannot change from a Root CA
to a non-Root CA without reinstalling.
The Show Advanced Configuration checkbox enables you to set up MCS as a non-Root CA or to modify
any other Advanced option. If you want to configure MCS as a non-Root CA, in its subsequent dialog box
select the Non-Root CA option.
Once you have selected the desired directories and enabled the Show Advanced Configuration option (if
needed), click Next to continue.
2. If the Show Advanced Configuration checkbox is checked, the next dialog box, shown in Figure
17-2, will request you to set MCS as a Root or non-Root CA, as well as select a Cryptographic
Services Provider (CSP) and a hash algorithm. In this version of Certificate Server, the Microsoft
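Base Cryptographic Provider is the only CSP option available, and the MD5 hashing algorithm is
selected by default. MD5 is no longer collision-resistant, so if the dialog box offers a stronger hash
algorithm, select it for certificates that must remain trustworthy.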
Note: As indicated by the README.TXT for Service Pack 4, do not use the HMAC hashing algorithm, or
the MCS installation will fail.
A checkbox enabling you to use existing keys (not selected by default). This option is
useful when restoring Certificate Server or when you want to use keys generated by
other applications. When the Use Existing Keys option is enabled, the remaining options
in the bottom half of the dialog boxes are disabled.
A checkbox option to remove existing certificate information, which is not selected by
default. To remove existing certificate data, click the checkbox next to Erase all previous
configuration information.
This Certificate Server installation will be automatically set as the default Certificate
Server. To allow a different Certificate Server to be
the default, clear the checkbox next to Make this Certificate Server the default.
The Certificate Authority Hierarchy is specified in this dialog box, and by default
assigns the selected CSP Root Certificate Authority that creates a root certificate for the
Certificate Authority. When the Root CA option is selected, the Certificate Server
Configuration Wizard creates a public/private pair of keys and a self-signed root
(signature) and key exchange certificates for your newly created Root CA.
If Non-Root CA is selected, a Root CA certificate is not generated, and only a CA
certificate request file is created. The non-Root CA must be selected if you want to use a
public CA certificate on this server for Internet applications.
Note: This non-Root CA certificate request file must be submitted to a CA (such as VeriSign or MCS) in
order to generate a certificate. This externally validated non-Root CA certificate would be used in a CA
hierarchy, though only limited support for CA hierarchies (for use with Exchange) is included in this
version of MCS. Full support for CA hierarchies is planned for the Windows 2000 version of MCS. This
certificate request file is not a server certificate request file, and does not contain a Common Name (that is,
DNS name) value required for valid server certificates. You should use Key Manager to create a server
certificate request file after you have completed the installation.
Once you have selected the desired options, click Next to continue.
3. In the next Certificate Server dialog box, you are asked to provide the Certificate Authority name,
organization, organizational unit, locality, state, country, and description for this Certificate
Authority. Fill in the information for your enterprise and click Next to continue.
4. Upon completion of the identifying information, the Configuration Wizard does one of two
things, depending upon the type of CA that was selected.
If a Root CA was selected, the Configuration Wizard creates the root (signature) and key
exchange certificates for your newly created Root CA. The keys, certificates, and configuration
data are handled in the following manner:
The keys are stored in the local machine’s key repository, and configuration information
is written to the registry.
The certificates will be stored in the Configuration Data Storage Location specified in
the first Certificate Server installation dialog box. You will be able to use these
certificates for server and client authentication in support of SSL sessions for your Web
sites.
The newly created CA certificate will be added to the Certificate Authority Certificate
List Web page, which enables clients to install a CA certificate via their Web browser.
This process is discussed in the “Installing a CA Certificate on the Client” section later
in this chapter.
The Certificate Server configuration file is written to the Configuration Data Storage
Location in a text file called CertSrv.txt.
This CA requires that both IPSec peers transact with a Registration Authority (RA), which then forwards
the requests through to the CA. Both the remote IPSec peer and the local IPSec peer must be configured
with both the CA and RA public keys. The CA and RA public keys are signature and encryption key
pairs, which must be generated and enrolled for authentication to occur.
Session 7:-
Exercise 3:- Install the routing and remote access services for IP Routing.
You can install Routing and Remote Access Service by downloading the installation files from the
Microsoft web site to your computer.
You can download the Routing and Remote Access Service files to a client or workstation computer, but
Routing and Remote Access Service can only be installed on a computer that runs Windows NT Server
version 4.0. To install Routing and Remote Access Service on another computer, see the procedure
"Installing Routing and Remote Access Service by Using a Network Connection to the Setup Files" in this
chapter.
Note Routing and Remote Access Service running on Windows NT Server version 4.0 is also referred to
as the Windows NT router.
To remove a service
1. Double-click Network in Control Panel.
2. Click the Services tab.
3. Click the service you want to remove, and then click Remove.
The Routing and Remote Access Service installation program prompts you to remove RAS and pause the
SNMP Service if it detects that you are running them.
If you do not already have the services and protocols shown in Table 2.1 and you plan to use them, you
should install them prior to installing Routing and Remote Access Service.
Table 2.1 Services and Protocols to Install Before Routing and Remote Access Service
If you want Install this service or protocol
IP routing TCP/IP protocol
IPX routing NWLink IPX/SPX–compatible transport
SNMP management SNMP Service
Installing Media
Before you install Routing and Remote Access Service, install all the hardware on your computer that you
will need for a router. This includes modems, ISDN devices, or other remote access devices for remote
access connectivity, as well as network adapters for network connectivity. Use the manufacturer's
instructions to install these devices on your computer.
Note Installing LAN and WAN hardware prior to installing Routing and Remote Access Service is
recommended. You do not need to reinstall Routing and Remote Access Service if you change or add
hardware.
You should also install the Windows NT drivers for the network adapters before installing Routing and
Remote Access Service.
System Requirements
Table 2.2 describes the system requirements for Routing and Remote Access Service.
Table 2.2 System Requirements for Routing and Remote Access Service
Category Requirement
Hardware A 32-bit x86-based microprocessor (such as Intel 80486/50 or higher), Intel Pentium, or
supported RISC-based microprocessor, such as the Digital Alpha Systems
One or more network adapter cards,WAN cards, or modems
VGA or higher-resolution monitor
Category Requirement
One or more hard disks, with 40 MB minimum free disk space on the partition that will
contain the Routing and Remote Access Service system files
Operating Windows NT Server version 4.0 plus Service Pack 3 or later
System
Memory 16 MB RAM minimum
Optional Recommended: A mouse or other pointing device
components
Downloading and Installing Routing and Remote Access Service from the Web
To download and install Routing and Remote Access Service from the Web, you need to follow the
steps outlined in the following sections:
• Download the Routing and Remote Access Service files
• Install Routing and Remote Access Service options
• Finish installation if you install a RAS Server
Figure 2.1 Setting Routing and Remote Access Service options
You can use this dialog box to install any or all of the options described in Table 2.3. If you do not install an
option, such as Remote access service, and you later want this functionality, you must run mprsetup
again to install it. For information on how to use this command, see the procedure "Run Setup" in the
section "Installing Routing and Remote Access Service by Using a Network Connection to the Setup
Files" later in this chapter.
Table 2.3 Routing and Remote Access Service Installation Options
Option Effect if selected
Remote access Installs support for client dial-up networking.
service
LAN routing Installs support for LAN-to-LAN routing (including WAN cards that support LAN
emulation).
Demand-dial Installs support for routing over WANs and dial-up media, such as ISDN and PPTP.
routing
routing protocols, you must add the protocols and then add interfaces to them before you can begin to use
the Windows NT router. For more information on how to add these see Chapter 3, "Administering Routing
and Remote Access Service."
Installing Routing and Remote Access Service by Using a Network Connection to the Setup Files
You can download the files as described in "Downloading and Installing Routing and Remote Access
Service from the Web," and then install Routing and Remote Access Service on another computer.
Although you can download the Routing and Remote Access Service files to any client or workstation
computer, Routing and Remote Access Service can be installed only on a computer running Windows NT
Server.
To install Routing and Remote Access Service on another computer, you need to follow the steps
outlined in the following sections:
• Copy Setup files
• Run Setup
Run Setup
1. On the computer running Windows NT Server, open a Command Prompt window.
2. Run mprsetup and type the path to the installation files.
For example, type:
mprsetup \\Computername\Share
Exercise 4:-
The "Routing and Remote Access" administrative tool is used to enable routing on a Windows 2000
server that is multihomed (has more than one network card). Windows 2000 professional cannot be a
router. The "Routing and Remote Access" administrative tool or the "route" command line utility can be
used to configure a static router and add a routing table. A manually entered routing table is required for
static routing. Dynamic routing does not require a manually entered routing table since the table is built by
software. Dynamic routing does require additional protocols to be installed on the computer. When using the "Routing and Remote Access"
tool, the following information is entered:
Interface - Specify the network card that the route applies to which is where the packets will come
from.
Destination - Specify the network address that the packets are going to such as 192.168.1.0.
Network Mask - The subnet mask of the destination network.
Gateway - The IP address of the network card on the network that is configured to forward the
packets such as 192.168.1.1.
Metric - The number of routers that packets must pass through to reach the intended network. If
there are more than 1, the Gateway address will not match the network address of the destination
network.
Dynamic Routing
Windows 2000 Server supports Network Address Translation (NAT) and DHCP relay agent. Three
Windows 2000 supported Dynamic routing protocols are:
The "Routing and Remote Access" tool is used to install, configure, and monitor these protocols and
routing functions. After any of these dynamic routing protocols are installed, they must be configured to
use one or more routing interfaces.
OSPF Terms
Area border router - A router that interfaces to subnets in more than one OSPF area.
Autonomous system - Routing areas that are administered by a single organization.
Autonomous system boundary router - A router that connects an autonomous system to another
autonomous system or the internet.
Backbone area - The main OSPF or root routing area that is connected to all other areas with an
ID of 0.0.0.0 (ID number does not reflect any IP address).
Internal router - Router that does internal routing.
Internal routing - Routing done in one routing area.
Routing area - A group of IP subnets connected by links with an ID similar to an IP address that
is used to identify the area. In Active Directory, a routing area would likely be configured for
each site. Passwords are used for each routing area.
Routing Configuration Issues
RIP - Tabs:
o On the security tab of the RIP properties dialog box there is a selection of one of:
Accept announcements from all routers
Accept announcements from listed routers only - A list must be created. This limits the route
updates the router acts on to those sent by routers you have named.
Ignore announcements from all listed routers - A list must be created.
o General - Maximum delay setting controlling how long the router waits to update other
routers. Includes logging controls.
OSPF - Property box tabs:
o Areas - In the OSPF properties dialog box (Areas tab?) select one of the following
network types:
Broadcast - For normal local area networks.
Point-to-point - For demand dial interfaces.
Non-broadcast multiple access (NBMA) - For frame relay or X.25 networks.
o General - Includes logging controls along with "Router Identification field" and "Enable
Autonomous System Boundary Router" checkbox.
o Virtual Interfaces - If an OSPF area is not connected directly to the backbone area, a
virtual interface must be created to allow for it to go through one or more intermediate
networks. The virtual interface tells OSPF which router has an interface that connects to
the backbone area. The entered password must be the one required by the router with the
interface connecting to the backbone area that packets are being sent to.
o External Routing - Allow or reject external route table sources.
Internet Group Management Protocol (IGMP) version 2 Router and Proxy is used to manage
routing of multicast network traffic.
o Routers must be configured with IGMP to use multicasting on a network. The interface
may be configured as an IGMP router or an IGMP proxy. An IGMP router will update
its table with group information and forward multicast traffic.
The "Routing and Remote Access" tool server properties dialog box contains these tabs:
General - Can enable the computer as a router for LAN routing only or for LAN and demand
dialing. Also the computer may be enabled as a Remote Access Server (RAS).
Security - Can select Windows Authentication or RADIUS authentication for remote access and
dial on demand connections. A provider to log all sessions with the router can be selected.
Choices are none, Windows accounting, or RADIUS accounting.
IP - Can "Enable IP routing", and "Allow IP-based remote access and demand-dial connections".
The computer may also be configured to use a DHCP server to assign IP addresses to client
computers or to use a static IP address pool.
PPP - Options:
o Multilink connections
o Dynamic bandwidth control using BAP or BACP
o Link control protocol (LCP) extensions
o Software compression
Event Logging - Can enable or disable PPP logging. Other options:
o Log errors only
o Log errors and warnings
o Log the maximum amount of information
o Disable event logging
Exercise 6:-
Terminal Services provides remote computers access to Windows-based programs that are running on the
server. Microsoft Windows 2000 Server and Microsoft Windows 2000 Advanced Server include
Terminal Services Client Software to support 16 and 32-bit Windows-based clients. In remote
administration mode, Terminal Services provides access to physically or logically distant servers. In
Application Server mode, Terminal Services provides a multisession environment for server-side
computing. This step by step article describes how to install Terminal Services using the Application
Server mode.
• Remote Administration - This mode permits two Terminal Services client connections to the server.
This mode does not require licensing, but allows only members of the Administrators group to access
the server. This is an excellent choice for non-Terminal Services servers, to enable remote control-
type access to remote servers.
• Application Server - This mode permits more than two simultaneous connections by non-
administrators, but requires the Terminal Services Licensing service to be installed on a domain
controller (for which you can use any server in a workgroup environment). A Terminal Services
Client Access License is also required for non-Windows 2000 Professional clients.
NOTE: Terminal Services Licensing is a required component that licenses clients on a Terminal
server in Application Server mode. For computers that are in a Windows 2000 domain, Microsoft
recommends that you do not enable Terminal Services Licensing on the same computer with
Terminal Services.
6. In Terminal Services Setup, verify that Application Server mode is selected, and then click Next.
NOTE: In Terminal Services Setup, you may see programs listed that will not work properly when
Terminal Services is enabled. You need to reinstall these programs for multisession access by using the
Add/Remove Programs tool after you enable Terminal Services.
7. In the next screen, click the appropriate option to specify whether you want permissions to be
compatible with Windows 2000 Users or with Terminal Server 4.0 Users. Use the Permissions
compatible with Windows 2000 Users option for the most secure environment in which to run
applications.
8. In Terminal Services Licensing Setup, specify whether you want the license server to serve your entire
enterprise or your domain/workgroup, and then provide the directory location for the database. Wait for
the installation to finish, and then click Finish. In the Add/Remove Programs window, click Close.
NOTE: The required files are copied to your hard disk, and you can use server software after you restart
the computer.
Below is the step-by-step guide for setting up a World Wide Web server for anonymous access in a
Windows 2000 environment.
9
6
1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services
Manager. (In Windows 2000 Professional, you can start Administrative Tools from Control Panel.)
2. Right-click * server name (where server name is the name of the server), and then click Properties.
3. In the Master Properties box, click WWW Service (if it is not already selected), and then click the Edit
button that is next to the Master Properties box.
4. Click the Directory Security tab.
5. Under Anonymous access and authentication control, click Edit.
6. Under Authenticated access, select the Integrated Windows authentication check box.
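7. Select the Anonymous access check box, and then click Edit. Note the user account in the Username
box. This account is used by Windows to authenticate anonymous users when they browse the Web site.
Because every anonymous visitor is served under this one account, it should have no more than the
access to the Web content folders that the site needs.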
8. Click OK, click OK, click OK, and then click OK.
Each client that browses the Web site generally uses about 3 connections.
6. Click the Performance tab.
7. Move the Performance tuning slider to the position that you want.
8. If you want to limit the amount of network bandwidth that is available for connections to this Web site,
select the Enable bandwidth throttling check box, and then type the amount that you want in the
Maximum network use box.
9. If you want to limit the amount of computer processing time spent servicing requests for content on this
Web site, select the Enable process throttling check box, and then type the amount that you want in
the Maximum CPU use box.
This prevents the Web site from consuming too much processor time to the detriment of other computer
processes.
NOTE: Bandwidth throttling is not available in Windows 2000 Professional. For additional information,
click the article number below to view the article in the Microsoft Knowledge Base:
263857 Items in the ISM Are Missing or Appear Dimmed on Windows 2000 Professional
10. Click the Home Directory tab.
9
7
• If you want to use Web content that is stored on the local computer, click A directory located on
this computer, and then type the path that you want in the Local Path box. For example, the
default path is C:\Inetpub\wwwroot.
NOTE: For added security, do not create Web content folders in the root folder.
• If you want to use Web content that is stored on a different computer, click A share located on
another computer, and then type the location that you want in the Network Directory box that
appears.
• If you want to use Web content that is stored on another Web address, click A redirection to a
URL, and then type the location that you want in the Redirect to box. Under The client will be
sent to, select the appropriate check box.
11. Click the Documents tab. Note the list of documents that IIS can use as the default start documents. If
you want to use Index.html as your start document, you must add it. To do this:
a. Click Add.
b. In the Add Default Document dialog box, type Index.html, and then click OK.
c. Click the up-arrow button until Index.html is displayed at the top of the list.
12. Click the Operators tab. Note the user accounts that have operator privileges on this Web site. Click
Add to add additional user accounts to operate this Web site.
NOTE: The Operators tab is not available in Windows 2000 Professional. For additional information,
click the article number below to view the article in the Microsoft Knowledge Base:
263857 Items in the ISM Are Missing or Appear Dimmed on Windows 2000 Professional
13. Click OK to return to the Internet Information Services window.
14. Right-click Default Web Site, and then click Stop.
15. Right-click Default Web Site, and then click Start.
The server is now configured to accept incoming Web requests to the default Web site. You can replace
the content of the default Web site with the Web content that you want, or you can create a new Web site.
Exercise 1:-
You can use IP Security (IPSec) in tunnel mode to encapsulate Internet Protocol (IP) packets and
optionally encrypt them. The primary reason for using IPSec tunnel mode (sometimes referred to as "pure
IPSec tunnel") in Microsoft Windows 2000 is for interoperability with third-party routers or gateways that
do not support Layer 2 Tunneling Protocol (L2TP)/IPSec or PPTP Virtual Private Networking (VPN)
tunneling technology.
Windows 2000 supports IPSec tunneling for situations where both tunnel endpoints have static IP
addresses. This is primarily useful in gateway-to-gateway implementations, but may also work for
specialized network security scenarios between a gateway/router and a server (like a Windows 2000 router
routing traffic from its external interface to an internal Windows 2000-based computer securing the
internal path by establishing an IPSec tunnel to the internal server providing services to the external
clients).
Windows 2000 IPSec tunneling is not supported for client remote access VPN use because the IETF IPSec
RFCs do not currently provide a remote access solution in the Internet Key Exchange (IKE) protocol for
client-to-gateway connections. The IETF RFC 2661 for Layer 2 Tunneling Protocol (L2TP) was
specifically developed by Cisco, Microsoft, and others for the purpose of providing client remote access
VPN connections. In Windows 2000, client remote access VPN connections are protected using an
automatically generated IPSec policy that uses IPSec transport mode (not tunnel mode) when the L2TP
tunnel type is selected.
9
8
Windows 2000 IPSec tunneling also does not support protocol and port-specific tunnels. While the
Microsoft Management Console (MMC) IPSec Policy snap-in is very general and allows you to associate
any type of filter with a tunnel, make sure you use only address information in the specification of a filter
for a tunnel rule.
Details on how the IPSec and IKE protocols work can be found in the Microsoft Windows 2000 Resource
Kit and in the Windows 2000 IPSec end-to-end walkthrough. Information about where you can find these
documents is included at the end of this article.
This article explains how to configure an IPSec tunnel on a Windows 2000 gateway. Because the IPSec
tunnel secures only traffic specified in the IPSec filters you configure, this article also describes how to
configure filters in Routing and Remote Access Service (RRAS) to prevent traffic outside the tunnel from
being received or forwarded. This article outlines the following scenario to make it easy to follow the
configuration steps:
NetA - Windows 2000 gateway --- Internet --- third-party gateway - NetB
       W2KintIP    W2KextIP                  3rdExtIP    3rdIntIP
W2KintIP is the IP address assigned to the Windows 2000 gateway internal network adapter.
W2KextIP is the IP address assigned to the Windows 2000 gateway external network adapter.
3rdExtIP is the IP address assigned to the third-party gateway external network adapter.
3rdIntIP is the IP address assigned to the third-party gateway internal network adapter.
You need to configure an IPSec policy. You must build two filters; one to match packets going from NetA
to NetB (tunnel 1), and one to match packets going from NetB to NetA (tunnel 2). You need to configure a
filter action to specify how the tunnel should be secured (a tunnel is represented by a rule, so two rules are
created).
Typically, a Windows 2000 gateway is not a member of a domain, so a local IPSec policy is created. If the
Windows 2000 gateway is a member of a domain that has IPSec policy applied to all members of the
domain by default, this prevents the Windows 2000 gateway from having a local IPSec policy. In this case,
you can create an Organizational Unit (OU) in Active Directory, make the Windows 2000 gateway a
member of this OU, and assign the IPSec policy to the Group Policy Object (GPO) of the OU.
1. Use the MMC to work on the IP Security Policy Management snap-in (a quick way to load this is to click
Start, click Run, and then type secpol.msc).
2. Right-click IP Security Policies on Local Machine, and then click Create IP Security Policy.
3. Click Next, and then type a name for your policy (for example, IPSec Tunnel with third-party Gateway).
NOTE: You can also type more information in the Description box.
4. Click to clear the Activate the default response rule check box, and then click Next.
5. Click Finish (keep the Edit check box selected).
NOTE: The IPSec policy is created with default settings for the IKE main mode (phase 1) on the General
tab, in Key Exchange. The IPSec tunnel consists of two rules, each of which specifies a tunnel endpoint.
Because there are two tunnel endpoints, there are two rules. The filters in each rule must represent the
source and destination IP addresses in IP packets that are sent to that rule's tunnel endpoint.
In the IP Security Policies on Local Machine MMC snap-in, right-click your new policy, and then click
Assign. A green arrow appears in the folder icon next to your policy.
After your policy is assigned, you have two additional active filters (RRAS automatically creates IPSec
filters for L2TP traffic). To see the active filters, type the following command at a command prompt:
netdiag /test:ipsec /debug
You can optionally redirect the output of this command to a text file so you can view it with a text editor
(such as Notepad) by typing the following command:
netdiag /test:ipsec /debug > filename.txt
The netdiag command is available after you install the Microsoft Windows 2000 Resource Kit, which you
can install from your Windows 2000 CD-ROM. To install the kit, locate the Support\Tools folder, and
then double-click the Setup.exe file. After installation, you may need to run the netdiag command from
the %SystemRoot%\Program Files\Support Tools folder (where %SystemRoot% is the drive where
Windows 2000 is installed).
1
0
Protocol: 0 TunnelFilter: Yes
Flags: Inbound
Exercise- 2
Traditionally, a firewall has been a dedicated piece of hardware meant to allow two networks to
communicate in a limited way. A typical setup is to allow users behind the firewall to access web pages
and email without allowing users on the outside to access any computers on the internal network. In recent
years, software firewalls have come into use, and they pose a cost effective solution for many users, such
as those with home or small office broadband networks. Note that Windows XP (prior to SP2) comes with
a software firewall built in called Internet Connection Firewall, which is often the source of connection
problems. Windows XP systems running Service Pack 2 have a much more functional "Windows
Firewall" which replaces the problematic "Internet Connection Firewall".
Exercise 3
This step-by-step article describes how to configure TCP/IP Filtering on Microsoft Windows 2000-based
computers.
Windows 2000-based computers support several methods of controlling inbound access. One of the
simplest and most powerful methods of controlling inbound access is by using the TCP/IP Filtering feature.
TCP/IP Filtering is available on all Windows 2000-based computers that have the TCP/IP stack installed.
TCP/IP Filtering is useful from a security standpoint because it works in Kernel mode. In contrast, other
methods of controlling inbound access to Windows 2000-based computers, such as by using the IPSec
Policy filter and the Routing and Remote Access server, depend on User-mode processes or the
Workstation and Server service.
You can layer your TCP/IP inbound access control scheme by using TCP/IP Filtering with IPSec filters
and Routing and Remote Access packet filtering. This approach is especially useful if you want to control
inbound and outbound TCP/IP access. TCP/IP Security controls only inbound access.
1. Click Start , point to Settings , click Control Panel , and then double-click Network and Dial-up
Connections .
2. Right-click the interface on which you want to configure inbound access control, and then click
Properties .
3. In the Components checked are used by this connection box, click Internet Protocol (TCP/IP) , and
then click Properties .
4. In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced .
5. Click the Options tab.
6. Click TCP/IP filtering , and then click Properties .
7. Select the Enable TCP/IP Filtering (All adapters) check box. When you select this check box, you
enable filtering for all adapters, but you configure the filters on a per-adapter basis. The same filters do
not apply to all adapters.
8. There are three columns with the following labels:
TCP Ports
UDP Ports
IP Protocols
In each column, you must select either of the following options:
Permit All . If you want to permit all packets for TCP or UDP traffic, leave Permit All activated.
Permit Only . If you want to allow only selected TCP or UDP traffic, click Permit Only , click Add ,
and then type the appropriate port in the Add Filter dialog box.
If you want to block all UDP or TCP traffic, click Permit Only , but do not add any port numbers in the
UDP Ports or TCP Port column. You cannot block UDP or TCP traffic by selecting Permit Only for IP
Protocols and excluding IP protocols 6 and 17.
Note that you cannot block ICMP messages, even if you select Permit Only in the IP Protocols column
and you do not include IP protocol 1.
TCP/IP Filtering can filter only inbound traffic. This feature does not affect outbound traffic or response
ports that are created to accept responses from outbound requests. Use IPSec Policies or packet filtering if
you require more control over outbound access.
Exercise 8:-
1
0
Figure A: This is the main Network Monitor screen
The reason why filtering is so important is because there is a tremendous amount of traffic that flows into
and out of most servers. You can easily capture so much traffic that analyzing it becomes next to
impossible. To help cut down on the amount of traffic that you must analyze, Network Monitor allows you
to use filters. There are two different types of filters that you can use; capture filters and display filters.
Capture filters allow you to specify which types of packets will be captured for analysis. For example, you
may decide that you only want to capture HTTP packets. The main advantage to implementing a capture
filter is that by filtering packets during the capture, you will use a lot less hard disk space than you would
if you captured every packet.
Display filtering works similarly to capture filtering except that all network traffic is captured. You filter
the data that you want to analyze at the time of analysis rather than at the time of capture. Display filtering
uses a lot more hard disk space than capture filtering, but you will have the full dataset on hand just in case
you decide to analyze something other than what you originally intended.
Capturing Data
If you have decided that you want to filter the data being captured, select the Filter option from the
Capture menu, and configure your filter. Otherwise, you can start the capture process by selecting the Start
command found on the Capture menu. You can see what the capture process looks like in Figure B. When
you have captured the data that you want, then select the Stop command from the Capture menu.
1
0
Figure B: This is what the capture process looks like
1
0
Figure C: This is a summary of the captured data
The screen shown in Figure C shows a summary of all of the captured packets in the sequence that those
packets were captured. The data that you are looking at is unfiltered. You could set up a display filter at
this point by selecting the Filter option from the Display menu.
Once you have located a packet that you are interested in, double click on the packet to see it in greater
detail. When you do, you will see the screen that’s shown in Figure D.
1
0
Figure D: This is the screen that you will use to analyze a packet
As you can see in the figure, the packet screen is divided into three sections. The top section is simply a
condensed view of the summary screen. You can use this section to select a different packet to analyze
without having to go back to the main summary screen.
The second section contains the packet’s contents in a decoded, tree format. For example, in the screen
capture, you can see that the top portion of the tree says FRAME: Base Frame Properties. If you expand
this portion of the tree, you can see the date and time that the frame was captured, the frame number, and
the frame length.
The third section contains the raw data that makes up the frame. In this section, the column to the far left
shows the base address of the bytes on that line in hexadecimal format. The middle section shows the
actual hexadecimal data that makes up the frame. The hexadecimal code is 16 positions wide. To determine
the address of any of the hex characters, start with the base address for that line, and then count the
position of the character that you are interested in. For example, if the base address is 00000010, and the
character that you are interested in is in the twelfth position, then the character’s address would be
0000001B.
The column to the far right contains a reprint of the data in decimal notation (in practice, the
printable-character rendering of each byte). This is probably the most useful part of the screen
because anything that has been transmitted in clear text is clearly readable in this
column. For example, if an E-mail were transmitted in an unencrypted format and the transmission were
captured, you could read the contents of the message in this location (assuming that you could locate the
correct packet). For the same reason, capture files should be stored and shared as sensitive data, and
protocols that carry credentials or private content should run over an encrypted channel.
If you look closely at Figure D, you will notice that this is an LDAP packet that I have
captured. The decimal portion of the packet clearly shows a call to the Active Directory
(CN=Configuration, DC=production, DC=com).
Exercise:-9
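PPTP became a popular VPN protocol because it is easy to set up and was regarded as very secure when
Windows 2000 was current. Its MS-CHAP v2 authentication and MPPE encryption have since been shown to
be weak, so on a current network treat PPTP as a legacy protocol and prefer L2TP/IPSec or a newer VPN
protocol. You can deploy PPTP easily in both Microsoft-only and mixed environments. You can configure
your Windows 2000-based Routing and Remote Access service VPN server to drop non-PPTP packets by
using packet filters.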
How to Configure PPTP Input Filters to Allow Inbound Traffic from PPTP VPN Clients
1. Start the Routing and Remote Access console from the Administrative Tools menu.
2. In the left pane of the Routing and Remote Access console, expand your server, and then expand the IP
Routing node.
3. Click the General node. Right-click the external interface, and then click Properties.
4. On the General tab, click Input Filters.
5. Click Add.
6. Select the Destination network check box. In the IP address box, type the IP address of the external
interface. In the Subnet mask box, type 255.255.255.255.
7. In the Protocol box, click TCP. In the Destination port box, type 1723. Click OK.
8. Click Drop all packets except those that meet the criteria below.
9. Click Add.
10. Select the Destination network check box. In the IP address box, type the IP address of the external
interface. In the Subnet mask box, type 255.255.255.255. In the Protocol box, click Other. In the
Protocol number box, type 47 (this is the IP protocol number of GRE, which carries the PPTP tunnel
data; it is not a TCP or UDP port). Click OK.
11. Click OK.
How to Configure PPTP Output Filters to Allow Outbound Traffic to PPTP VPN Clients
1. On the General tab in the External_interface Properties dialog box, click Output Filters.
2. Click Add.
3. Select the Source network check box. In the IP address box, type the IP address of the external
interface. In the Subnet mask box, type 255.255.255.255. In the Protocol box, click TCP. In the Source
port box, type 1723. Click OK.
4. Click Drop all packets except those that meet the criteria below option.
5. Click Add.
6. Select the Source network check box. In the IP address box, type the IP address of the external
interface. In the Subnet mask box, type 255.255.255.255. In the Protocol box, click Other. In the
Protocol number box, type 47 (this is the IP protocol number of GRE, which carries the PPTP tunnel
data; it is not a TCP or UDP port). Click OK.
7. Click OK.
8. Click OK.
NOTE: After you make these changes, only PPTP traffic is allowed into and out of the external interface
of the Routing and Remote Access service VPN server. These filters support communications with a PPTP
VPN client that initiates an inbound call to the Routing and Remote Access service VPN server.
1
0
Session 9 Windows 2000: Network Management
Exercise 1:-
Create
1. In the console tree, right-click Group Policy Objects in the forest and domain in which you want to
create a Group Policy object (GPO).
Where?
Forest name/Domains/Domain name/Group Policy Objects
2. Click New.
3. In the New GPO dialog box, specify a name for the new GPO, and then click OK.
Delete
1. In the console tree, double-click Group Policy Objects in the forest and domain containing the Group
Policy object (GPO) that you want to delete.
Where?
Forest name/Domains/Domain name/Group Policy Objects
2. Right-click the GPO, and then click Delete.
3. When prompted to confirm the deletion, click OK.
Notes
• To create a GPO, you must have GPO creation privileges. By default only domain administrators,
enterprise administrators, and members of the Group Policy creator owners group can create Group
Policy objects. To delegate GPO creation permissions to additional groups and users, go to Group
Policy Objects in the desired domain and click the Delegation tab.
• To delete a GPO, you must have Edit Settings, Delete, Modify Security permissions for the GPO.
• When you use this procedure to create a GPO, no links are created to the GPO, but you can add links
within the same forest by right-clicking any domain, site, or organizational unit, and then clicking Link
Existing GPO. Alternatively, you can both create and link a GPO by right-clicking any domain or
organizational unit and then clicking Create and Link a GPO Here.
• When you delete a GPO, Group Policy Management attempts to delete all links to that GPO in the
domain of the GPO. However, to delete a link to a GPO, you must have permission to link Group Policy
objects for the organizational unit or domain. If you do not have rights to delete a link, the GPO will be
deleted, but the link will remain. Links from other domains and sites are not deleted. The link to a
deleted GPO appears in Group Policy Management as Not Found. To delete Not Found links, you must
either have permission on the site, domain or organizational unit containing the link, or ask someone
with sufficient rights to delete it.
• Group Policy objects are distinguished in the Active Directory by GUID, and it is theoretically possible
for more than one GPO to have the same friendly name. The Group Policy Management snap-in prevents
the creation of Group Policy objects with duplicate friendly names, but the Group Policy infrastructure
does not enforce uniqueness of friendly names. Therefore, it is possible for duplication of friendly names
to occur if you use legacy tools to create Group Policy objects, if replication is slow, or if you use a script
to perform operations on Group Policy objects.
• You cannot delete the Default Domain Controllers policy or the Default Domain policy.
• Before deleting a GPO, you can check for cross-domain links by navigating to the Scope tab of the GPO
you want to delete and, in the Display links in this location box, selecting Entire Forest. You can then
select all links, right click the selection, and click Delete link. This procedure ensures that cross-domain
links are deleted before you delete the GPO.
You can start Group Policy Object Editor in several ways, depending on the action that you want to
perform. The following sections describe how to start Group Policy Object Editor in a variety of scenarios.
To Edit a Group Policy Setting on the Local Computer
To start Group Policy Object Editor to edit the local GPO, click Start, click Run, type gpedit.msc, and
then click OK.
1
0
To Edit a Group Policy Setting on an Organizational Unit
1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users
and Computers.
2. In the console tree, right-click the domain or organizational unit for which you want to configure a Group
Policy setting, click Properties, and then click the Group Policy tab.
3. Click Edit to open the GPO that you want to edit, and then link a GPO to the intended organizational
unit.
You can also link a GPO to an organizational unit that is higher in the Active Directory hierarchy so that
the organizational unit can inherit Group Policy settings.
How to Filter the Scope of Group Policy According to Security Group Membership
1. Open the GPO whose scope you want to filter.
2. Right-click the root node of the console to display the Group Policy icon that has the following label:
GPO_name [domain_controller_name.domain_name] Policy
3. Click Properties, click the Security tab, and then click the security group for which you want to filter
this GPO.
To change the list of security groups for which you want to filter this GPO, click either Add or Remove
to add or remove security groups.
4. Set the permissions as they are described in the following table, and then click OK.
Intent: You want to apply this GPO to members of this security group.
Permissions: Set Apply Group Policy to Allow. Set Read to Allow.
Result: This GPO applies to members of this security group unless they are members of at least one
other security group that has Apply Group Policy set to Deny, Read set to Deny, or both.

Intent: Members of this security group are exempt from this GPO.
Permissions: Set Apply Group Policy to Deny. Set Read to Deny.
Result: This GPO never applies to members of this security group regardless of the permissions those
members have in other security groups.

Intent: Membership in this security group does not determine if the GPO is applied.
Permissions: Do not set Apply Group Policy to either Allow or Deny. Do not set Read to either Allow
or Deny.
Result: This GPO applies to members of this security group if they have both Apply Group Policy and
Read set to Allow as members of at least one other security group. They also must not have Apply
Group Policy or Read set to Deny as members of any other security group.
NOTE: GPOs are applied only to sites, domains, and organizational units. Group Policy settings affect
only the users and the computers that they contain. Specifically, GPOs are not applied to security groups.
The location of a security group in Active Directory does not affect filtering through that security group
as it is described in this procedure.
If a user or a computer is not contained in a site, a domain, or an organizational unit that is subject to a
GPO either directly through a link, or indirectly through inheritance, you cannot set any combination of
permissions on any security group to make those Group Policy settings affect that user or computer.
Filtering at the GPO level, as it is described in this procedure, causes the GPO to be processed or not
processed as a whole. The Software Installation extension and the Folder Redirection extension use
security groups to refine control beyond the GPO level. Except for Folder Redirection and Software
Installation, security groups are not used to filter individual settings or subsets of a GPO. For control over
individual settings, edit or create a GPO instead.
How to Find the Sites, Domains, and Organizational Units to Which a GPO Is Linked
1. Start Group Policy Object Editor with the GPO that you want to find at the root node of the console.
2. Right-click the root node of the console, and then click Properties.
3. Click the Links tab, and then click Find Now.
The sites, domains, and organizational units to which the GPO is linked are listed in the Sites, Domains
or Organizational Units found box. NOTE: If the GPO is linked to more than one domain, you can
limit your search for organizational units to one domain at a time by using the list in the Domain box.
Exercise 4:-
In general, groups are used to grant permissions to similar types of users, to make contacting multiple
users easier, and to simplify administration. For example, instead of having to enter 10 email addresses in the
message header, a message can be sent to one group email, which is then fanned out to all 10 email
addresses in the group.
Security Groups—Groups used to secure access to network resources via permissions; they can
also be used to distribute email messages.
Distribution Groups—Groups that can be used only to distribute email; they have a fixed
membership that can’t be used to access network resources.
Query-Based Distribution Groups (QBDGs)—These groups are new to Exchange 2003. Their
membership is based on an LDAP (Lightweight Directory Access Protocol) query that can be
used only to distribute email. Using LDAP, a member list is created whenever messages are sent
to a group.
1
1
So what is the main difference between a security and a distribution group? Although both groups can
have an email address associated with them, a distribution group cannot be used to set security settings.
For example, you cannot create a distribution group called Project Team and then assign security rights to
that group.
When you are working with distribution and security groups, there are many things that can or cannot be
done, depending on the group’s scope and the mode that Windows Server is running. There are three types
of scopes—global, domain local, and universal—and two types of modes, mixed or native. See Table 3.1
for a summary of what can and cannot be done according to the network operating mode.
1. Open Active Directory Users and Computers. Right-click in the container where you want to
create a new group, select New, and then select Group.
2. As shown in Figure 3.3, the New Object-Group dialog box will appear. In the Group Name field,
type up to a 64 character name for the new group. The first 20 characters will be automatically
inserted for the Pre-Windows 2000 group name and must be unique for the domain. If needed,
you can type a unique name into this field.
Figure 3.3 Creating security and distribution groups through Active Directory Users and
Computers.
1
1
3. Select a group scope of Domain local, Global, or Universal (Universal is available only in native
mode). The recommended scope is universal; if you are unsure about which scope to use, choose
universal.
4. Select Security or Distribution for your group type and click Next.
5. If the Exchange is set up properly, the Create an Exchange Email Address option will be
available. Make sure that the box is checked and that the correct Alias name for the email address
is displayed. (By default, the alias name is set to the group name.) If an Exchange email address
isn’t needed, uncheck this option.
6. Click Next and then click Finish, creating the group. If creation of an email address was selected,
SMTP and X.400 email addresses will be automatically created.
After the group is created, administrators can change additional group properties, such as adding members
to the group, setting message size-restriction limits, adding or removing email addresses, or limiting which
users can send messages to the group.
NOTE
Query-based distribution groups are available only when Exchange is running in native mode and all
servers in the enterprise are at least running Exchange 2000 SP3 or later. An administrator can check
which mode Exchange is in by opening ESM, clicking the Exchange Organization, and then selecting
Properties. Review the Operation Mode section to see what mode your Exchange server is currently
running in.
The beauty of query-based distribution groups is that less time is spent managing group membership. In
most organizations, people move around the company to different roles, departments, or eventually leave
the company. Instead of specifying static user memberships, query-based distribution groups minimize the
amount of time spent adding or removing users from groups by allowing LDAP queries to dynamically
build membership in the distribution group. The group membership is created on-the-fly. An LDAP query
is run every time an email is sent to this dynamic distribution list. Thus, using query-based distribution
groups can dramatically reduce the administrative costs.
CAUTION
Query-based distribution groups work best when the member list results are 25 to 30 members or fewer.
Potential member lists in the hundreds or thousands will put severe processing demands on a global
catalog server because of the inefficient nature of the LDAP queries. If query-based distribution groups
have potential to grow to larger numbers, switching the processing tasks from the global catalog server to a
dedicated LDAP expansion server will help in resolving large distribution lists more quickly.
Because groups are used to manage email distribution and permissions, remember to create groups that
will contain similar types of users. Typically, administrators create groups for users who work in the same
departments and need access to similar network resources, users who have similar roles in an organization
(executives, directors, engineers, and so on), or for users on specific company projects. Using the
following steps, administrators can create query-based distribution groups:
1. Open Active Directory Users and Computers. Right-click in the container where you want to
create a new group, select New, and then select Query-Based Distribution Group.
2. As shown in Figure 3.4, the New Object-Query-based Distribution Group dialog box will appear.
Type in a group name and, if required, a different alias for the group. Otherwise, the group name
will be automatically inserted for the Exchange alias and will be used to set the group email
address.
Figure 3.4 Creating query-based distribution groups through Active Directory Users and
Computers.
3. The container in which the group is created defines the scope of the LDAP query. This means the
query filter will apply to all recipients of the container selected and below the specified container.
Choose one of the preconfigured filters; otherwise, select the Customize Filter option and click
Customize. The Find Exchange Recipients dialog box, as shown in Figure 3.5, appears.
Figure 3.5 Customizing the LDAP query filter parameters in the Find Exchange Recipients dialog
box.
Again, after the group is created, administrators can manage additional group properties, such as adding
members to the group, setting message size-restriction limits, changing, adding, or removing email
addresses, limiting which users can send messages to the group, adding an expansion server, or
configuring out-of-office options and nondelivery settings. Many settings can be configured; explore the
ones that best fit your organization.
1. Right-click the group name and then select Rename. Type in the new group name and press
Enter.
2. When the Rename Group dialog box appears, press Tab and type in a new pre-Windows 2000
group name; then click OK to complete the group rename.
Deleting a group removes it permanently from Active Directory. A new group created with the same name
does not receive the permissions of the original group: group names can be reused, but permissions are
tied to the group's security identifier (SID), and the SID of the new group will not match the SID of the
original group, so the permission settings must be manually re-created. Deleting a group is accomplished by
highlighting the appropriate group, right-clicking, and selecting Delete or pressing the Delete key.
NOTE
Windows has built-in security features that will not allow deletion of built-in groups. There is no right-
click Delete option and pressing Delete yields no results.
During a typical file restore operation, Microsoft Windows Backup operates in nonauthoritative restore
mode. In this mode, Windows Backup restores all files, including Active Directory objects, with their
original Update Sequence Number (USN) or numbers. The Active Directory replication system uses the
USN to detect and replicate changes to Active Directory to all the domain controllers on the network. All
data that is restored nonauthoritatively appears to the Active Directory replication system as old data. Old
data is never replicated to any other domain controllers. The Active Directory replication system updates
the restored data with newer data from other domain controllers. Performing an authoritative restore
resolves this issue.
Note Use an authoritative restore with extreme caution because of the effect it may have on Active
Directory. An authoritative restore must be performed immediately after the computer has been restored
from a previous backup, before restarting the domain controller in normal mode. An authoritative restore
replicates all objects that are marked authoritative to every domain controller hosting the naming contexts
that the objects are in. To perform an authoritative restore on the computer, you must use the Ntdsutil.exe
tool to make the necessary USN changes to the Active Directory database.
There are certain parts of Active Directory that cannot or should not be restored in an authoritative
manner:
• You cannot authoritatively restore the schema.
• The configuration naming context is also very sensitive, because changes will affect the whole forest.
For example, it does not make sense to restore connection objects. Connection objects should be
recreated by the Knowledge Consistency Checker (KCC) or manually. Restoring server and NTDS
settings objects makes sense when no destructive troubleshooting was done before.
• In the domain context, do not restore any objects that deal with relative identifier (RID) pools. This
includes the subobject "Rid Set" of domain controller computer accounts and the RidManager$ object in
the SYSTEM container.
• Another issue is that many distinguished name-type links may break when you restore. This may affect
objects that are used by the File Replication Service (FRS). These exist underneath CN=File Replication
Service,CN=System,DC=yourdomain and CN=NTFRS Subscriptions,CN=DC computer account.
• Attempts to authoritatively restore a complete naming context will always include objects that can
disrupt the proper functionality of crucial parts of Active Directory. You should always try to
authoritatively restore a minimal set of objects.
• Finally, similar issues might exist for objects created by other applications. These go beyond the scope
of this article.
A system state restore replaces all new, deleted, or modified objects on the domain controller that is being
restored.
A system state restore of a naming context that contains two or more replicas is an authoritative merge. In
an authoritative merge, all objects that are deleted or modified are rolled back to when the backup was
made. Objects that were created after the backup are replicated from naming context replicas. An
authoritative merge represents a merge of the state that existed when the backup was made with new
objects that were created after the backup.
When you nonauthoritatively restore a naming context that contains a single replica, you actually perform
an authoritative restore.
Restoring a subtree
Frequently, you may not want to restore the whole database because of the replication impact this would
have on your domain or forest. To authoritatively restore a subtree within a forest, follow these steps:
1. Restart the domain controller.
2. When the Windows 2000 Startup menu is displayed, select Directory Services Restore Mode, and then
press ENTER.
3. Restore the data from backup media for an authoritative restore. To do this, follow these steps:
a. In Directory Services Restore mode, click Start, point to Programs, point to Accessories, point to
System Tools, and then click Backup to start the Windows 2000 Server Backup utility.
b. Click Restore Wizard, and then click Next.
c. Select the appropriate backup location, and then make sure that at least the System disk and System
State containers are selected.
d. Click Advanced, and then make sure that you restore junction points. If you do not use the Advanced
menu, the restore process will not be successful.
e. In the Restore Files to list, click Original Location.
f. Click OK, and then complete the restore process. A visual progress indicator is displayed.
g. When you are prompted to restart the computer, do not restart.
4. At a command prompt, type ntdsutil, and then press ENTER.
5. Type authoritative restore, and then press ENTER.
6. Type the following command, and then press ENTER:
1
1
restore subtree ou=OU_Name,dc=Domain_Name,dc=xxx
Note In this command, OU_Name is the name of the organizational unit that you want to restore,
Domain_Name is the domain name that the OU resides in, and xxx is the top-level domain name of the
domain controller, such as "com," "org," or "net."
7. Type quit, press ENTER, type quit, and then press ENTER.
8. Type exit, and then press ENTER.
9. Restart the domain controller.
Exercise 7
Intrusion detection is a process that proactively detects inappropriate, incorrect, or anomalous activity
directed from an external network (the Internet) against the IT infrastructure of an organization. Common
intrusion methods include port scanning, WinNuke, DoS attacks, and ping of death, which a regular firewall
cannot detect. An intrusion can be accidental, or it can be deliberate, with the purpose of disrupting work
or damaging the reputation of the organization. Unless these attacks are detected well in advance and
appropriate actions are taken, they can lead to financial losses and customer dissatisfaction.
Many organizations sell intrusion detection tools for additional cost. ISA Server 2004 has an integrated
basic intrusion detection tool licensed from Internet Security Systems (ISS). This provides a cost-effective
intrusion detection solution for any medium business, and is recommended by the Medium Business
Solution for Core Infrastructure.
Based on the recommendations provided in this chapter, Lucerne Publishing decided to make use of the
built-in intrusion detection feature of ISA Server 2004 instead of investing in a separate intrusion detection
software.
Application Filtering
Application layer protocol traffic, such as SMTP, HTTP, DNS, RPC (Remote Procedure Call), PPTP, and
FTP, can contain malicious code and scripts, inappropriate commands, and binary files containing
viruses. This code and these scripts, commands, and viruses can cause serious damage if they reach the internal
network of the organization. Application filtering scans the traffic passing through the firewall and filters
out packets that have malicious code, scripts, or viruses. Both inbound and outbound traffic should be
scanned. Outgoing traffic is scanned to ensure that the organization is not a source for spreading viruses
and worms on the Internet.
The firewall server should be able to provide application filtering for various application layer
protocols. Some examples of how application filtering can be used in the medium IT environment
are as follows:
• SMTP filtering protects internal mail servers from security threats that include buffer overflow attacks
caused by malicious SMTP requests crafted and sent by attackers.
• HTTP (and secure HTTP (HTTPS)) filtering enables a device to scan the HTTP and tunneled FTP traffic
for hidden security threats. Possible threats include:
1
1
• Malicious code, viruses, and worms in content that is downloaded from the Internet. Examples include
the Code Red and Nimda worms.
• Web requests containing malicious code inside the HTTP header or data, which can cause internal
Web servers to malfunction and send malicious code to other systems on the network. Examples
include directory traversal attacks, buffer overflow attacks, cross-site scripting attacks, and high-bit
encoding attacks.
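• Malicious code hidden inside an SSL connection, sent by a client computer connecting to the internal
secure Web sites. Because the SSL payload is encrypted, the filtering device can inspect it only if it
terminates the SSL connection itself.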
In the Medium Business Solution for Core Infrastructure, the following two choices were considered for
providing application filtering:
• Application filtering feature built into ISA Server.
• Non-Microsoft application filtering software.
The following table presents the advantages and disadvantages of these choices.
1
1
Web Proxy
The Web proxy feature enables the firewall to provide proxy services to Web requests coming from the
internal network behind the firewall or proxy server. The firewall or proxy server creates connections to
the Web servers on the Internet on behalf of clients on the internal network. The firewall receives
responses from the Web server, inspects the content for security threats, and forwards the responses to
the client on the internal network that requested the connection. The choice to be made is whether to use
Web proxy in the medium IT environment.
The following table presents the advantages and disadvantages of using Web proxy.
Advantages
• High security: Web proxy acts as a gatekeeper by preventing direct communication between Web
clients on the internal network and computers on the Internet, thereby protecting the internal Web
clients from direct attacks.
• Monitoring: Web proxy monitors the Web traffic based on user name and client IP address as well as
the URL visited and the application used to access the Internet.
Disadvantages
• Low performance: Web proxy has a slight negative impact on the performance of Internet access. This is
because the firewall needs to do additional processing to handle client requests.
• Configuration overhead: Client computers in the internal network need to be configured.
Table 4. Advantages and Disadvantages of Using Web Proxy
The Medium Business Solution for Core Infrastructure recommends using Web proxy. Following this
recommendation, Lucerne Publishing decided to use the built-in Web proxy feature of the ISA Server.
They decided to remove the existing proxy server thereby reducing the additional overhead involved in
maintaining a dedicated proxy server.
Web Caching
Web caching provides improved performance for users who download content from HTTP or FTP sites.
Caching improves the response time for internal clients who access Internet Web servers as well as for
external Internet users accessing an internal Web server.
When internal users request content from Web servers on the Internet for the first time, the
content is cached by the Web cache. When the same content is requested again by an internal
user, the content is served from the Web cache. This provides the following benefits:
• Improved response time: Serving the content from the cache is much faster than downloading the
content from the Web server on the Internet.
• Reduced Internet bandwidth consumption: Because the data is downloaded only once, the Internet
bandwidth, which is expensive, is conserved.
• Data availability: If the Internet or the Web server is not available for some reason, data can still be
served to users from the cache.
A similar process of Web caching takes place when external users request content from the Web
server on the internal network. The difference, however, is that the caching happens for outgoing
traffic and the benefits provided include:
• Reduced load on the Web server: Because the Web server does not need to serve the same content
multiple times.
• Data availability: If the internal Web server is not available for some reason, data can still be served to
external users from the cache.
In the Medium Business Solution for Core Infrastructure, the following two choices were considered for
providing Web caching:
• Web caching built into ISA Server.
• Non-Microsoft Web caching
software.
The following table presents the advantages and disadvantages of using these two choices.
Exercise 9
Registry Editor and Registry Administration
Windows NT 4.0 includes two tools for viewing and editing the Registry, both called Registry Editor. The
traditional tool, Regedt32.exe, is featured in this chapter. The new tool, Regedit.exe, written for Windows
95, has many of the same functions as Regedt32 and uses the Windows NT Explorer interface. Both tools
are installed automatically when you install Windows NT on any computer.
1
2
You can use either Registry editor to add, delete, or modify Registry entries. This chapter describes the
Registry editors and how to use them, with an emphasis on protecting the Registry contents and using
Registry editors to monitor and maintain the system configuration on remote computers.
The following topics are included in this chapter:
• Using Registry editors and Windows NT Diagnostics (Winmsd.exe)
• Viewing the Registry of a remote computer
• Editing Registry value entries
• Maintaining the Registry
It is recommended that, wherever possible, you make changes to the system configuration by using
Control Panel or the applications in the Administrative Tools (Common) group.
Caution You can impair or disable Windows NT with incorrect changes or accidental deletions if you (or
other users) use Registry Editor to change the system configuration. Wherever possible, you should use the
Control Panel, Windows NT Diagnostics, and Administrative Tools in Windows NT to change the
Registry. Registry Editor should be used only as a last resort.
The Registry editors, Regedt32 and Regedit, do not appear in any menus or as icons in any window.
However, they are installed automatically when you install Windows NT.
1
2
• To search for keys and subkeys, value entries, and values in Regedit, use the Find command on the Edit
menu. You search for a key or subkey by using the Find Key command on the View menu in Regedt32,
but you cannot search for value entries or values.
Table 24.1 shows some methods of using the keyboard to display data in each of the Registry
Editor windows.
1
2
Figure 24.1 The Windows NT Diagnostics dialog box
In the Windows NT Diagnostics dialog box, click a tab to display data from the Registry in an easily
readable format.
Tip You cannot edit value entries by using Windows NT Diagnostics, so the Registry contents are
protected while you browse for information. However, you can select and copy any value if you want to
paste information by using Registry Editor or a text editor.
Adding a Key
You can add a key to store data in the Registry. For example, you can add a subkey under
CurrentControlSet\Services to start a service process you have written or to install a device driver that
doesn't have an installation program.
To do this, you must have Create Subkey access permission for the key under which you are adding a
subkey, as described in "Assigning Access Rights to Registry Keys," later in this chapter.
1
2
same level in the hierarchy. That is, Key1 and Key2 can each have a subkey named Key3, but Key1
cannot have two subkeys named Key3.
4. Leave the Class box blank. This box is reserved for a future use.
5. Click OK to display the new key in the Registry Editor window.
1
2
include the name of the key you are deleting. Check your selection carefully before proceeding. To recover
a subkey of HKEY_LOCAL_MACHINE \System \CurrentControlSet, restart the computer. Press the
spacebar immediately when you see the message Press spacebar now to invoke Hardware Profile/Last
Known Good Menu.
In Regedt32, you can protect the Registry from accidental deletions by using the following
methods:
• Protect data through read-only mode.
From the Options menu, select Read Only Mode. When this option is selected, Regedt32 does not save
any changes. This protects the data from accidental changes.
• Protect data through confirmation.
From the Options menu, select Confirm On Delete. When this option is selected, Regedt32 prompts
you to confirm deletion of any key or value.
Exercise 10
Many networks were installed to provide basic file and printer sharing. As business requirements have
expanded, however, so have the demands on computing infrastructures. These same networks must now
support a growing number of new capabilities and services, such as electronic commerce, remote
communications, Web publishing, e-mail, and database applications in a client/server processing model.
To provide these services to small and large businesses, many information technology professionals
are using Microsoft® Windows® 2000 Server-based computing environments. Windows 2000
Server serves as a unifying foundation that does the following:
• Combines and enhances the capabilities of diverse server operating systems.
• Enables organizations to extend a consistent set of system services, applications, and user interfaces
across a network. System services are typically core operating system functions running at either the
executive- or user-mode in the Windows 2000 Server operating system architecture. Applications run in
user mode and, more often than not, require a user logon to run.
The core server technology of Small Business Server 2000 is Windows 2000 Server, which is designed to
work with the many client network operating systems. This protects the network investments of the small
business and provides the necessary flexibility for a small business to keep up with evolving business
computing demands.
This chapter describes the requirements for interoperability between Small Business Server 2000 and other
operating system environments.
Interoperability Layers
When assessing interoperability issues, think of your organization's computing infrastructure in
terms of four layers: network, data, applications, and management. Depending on the platforms
combined, one or more of these areas must be addressed:
• Network layer. Consists of low-level communication protocols, such as Internet Packet Exchange (IPX)
and TCP/IP, which are used to transport data. Also includes such functionality as terminal emulation or
print services.
• Data layer. Provides access to both structured (primarily database) and unstructured (primarily file
systems) data sources. In addition, includes access to other critical information, such as e-mail.
1
2
• Application layer. Addresses the way an organization's application infrastructure can allow applications
running on different operating systems to work together. For example, this layer defines how two
applications can participate in transactions, or how an application can be delivered to multiple client
platforms.
• Management layer. Focuses on cross-platform user, system, and network management.
NetWare Interoperability
Small Business Server 2000 integrates easily with the infrastructures of NetWare 2.x, 3.x, 4.x, and
5.x (in bindery emulation mode). This helps to lower operating costs, increase resource use, and
enables a platform for innovative client/server solutions. To ease the integration, Microsoft
developed a set of utilities that enables Windows 2000 Server to fully integrate with most NetWare
networks. These technologies address NetWare interoperability at the network, data, and
management layers. The following utilities are part of the Windows 2000 Server application in
Small Business Server 2000:
• Gateway Service for NetWare (GSNW)
• Client Services for NetWare (CSNW)
• NWLink (an IPX/SPX-compatible protocol)
Also, File and Print Services for NetWare (FPNW) can be purchased to further enhance Windows 2000
Server and NetWare interoperability.
1
2
Figure 20.1 Gateway Service for NetWare configuration
GSNW offers the following features:
• Protocol availability.
Enables the small business to use any protocol on client desktops without losing NetWare LAN connectivity. For
example, Windows 2000 Professional-based clients can access NetWare resources by using TCP/IP without
requiring a NetWare client redirector on an IPX/SPX protocol stack. The efficiency of GSNW reduces the
administrative load for each client, improving network performance.
GSNW also enables the technology consultant to deploy TCP/IP as the strategic protocol without incurring the
additional costs of replacing older technologies.
• Remote access to NetWare file and print servers.
Small Business Server can be deployed as a communications server to enable remote user access to the NetWare
LAN. This feature of GSNW enables NetWare, MS-DOS, or Windows operating system-based clients to use the
Windows 2000 Server Routing and Remote Access Service (RRAS) to maintain a reliable and secure connection
when connecting to the LAN.
• Novell Directory Services (NDS) support.
This feature enables users to do the following:
• Navigate NDS trees.
• Authenticate with an NDS-aware server.
• Print from NDS.
• Get NetWare 4.x and 5.x logon script support.
NWLink
NWLink is an IPX/SPX-compatible protocol that provides NetWare clients with access to Windows 2000
Server-based applications. With this protocol, NetWare clients can gain access to applications such as
Microsoft SQL Server™ 2000 or Microsoft Exchange 2000 Server without changing any client-side
software. NWLink also establishes a means of communication for the tools that interoperate with
NetWare.
1
2
Microsoft's implementation of IPX/SPX and Novell NetBIOS-compatible protocols can coexist with other
protocols on the same network adapter card. This means you can have several networks running
independently on the same network hardware connection. NWLink also supports Windows Sockets,
Novell NetBIOS, and Named Pipes protocols.
More Information
For additional information about NetWare integration with Small Business Server 2000, refer to Appendix
B, "Migrating from a NetWare Environment."
UNIX Interoperability
Small Business Server 2000 integrates easily with an existing UNIX infrastructure. This helps lower
operating costs, increases resource utilization, and assures a smooth migration from legacy UNIX
environments. To facilitate the integration of UNIX environments with the Windows 2000 Server
application, Microsoft offers Services for UNIX. The components of this package include technologies for
resource sharing, remote administration, password synchronization, and common scripting across
platforms. Support for these technologies is described in the following sections with respect to the
network, data, application, and management layers.
TCP/IP
Windows 2000 Server includes TCP/IP, the primary transport protocol for the Internet, intranets, and
homogeneous or heterogeneous networks. With TCP/IP built into its operating system, Windows 2000
Server can exchange data with both UNIX hosts and the Internet.
1
2
File Transfer and Hypertext Transfer Protocols
With File Transfer Protocol (FTP) and HTTP services, users can copy files across heterogeneous networks
and then manipulate them locally as text files or Microsoft Word documents.
1
2
Database Connectivity Tools
Open Database Connectivity (ODBC) is a software interface that separates data access from the data
sources, to make it easier to gain access to a database on a network. The ODBC database access interface
enables programmers to gain access to data from a diverse set of sources, using a standard series of
functions and commands. This means that application developers using ODBC can create applications that
connect to databases running on UNIX or Windows 2000 Server, and their application code will run
exactly the same way on either platform. With ODBC, developers avoid having to code to each specific
data source's requirements—efficiency that significantly increases productivity.
Object Linking and Embedding Database (OLE DB) takes ODBC a step further. While ODBC is designed
around accessing relational data sources using Structured Query Language (SQL), OLE DB is focused on
providing access to any data, anywhere.
Telnet
Users can access character-based UNIX applications through Windows 2000 Server support for remote
logon. By running terminal emulation software (Telnet) built into Windows 2000 Professional, Windows
Me, Windows 95, Windows 98, and Windows NT client operating systems, users can log on to a UNIX
timesharing server. After entering an authorized user name and password, users can access applications
residing on the remote UNIX system as if they were logged on locally. Note that standard Telnet does not
encrypt the session, so the user name and password cross the network in clear text.
1
3
For example, users can update a Microsoft SQL Server database in Small Business Server and an Oracle
database on a UNIX system under a single atomic transaction. If the transaction commits, both databases
are updated. If the transaction quits, all work performed on each database is rolled back to a pre-
transaction state.
MTS interoperates with any Oracle platform accessible from Windows 2000, Windows NT, Windows Me,
or Windows 95 and Windows 98. Microsoft Distributed Transaction Coordinator (DTC) does not need to
be running on UNIX and other non-Windows 2000 platforms in order for an MTS component to update an
Oracle database.
MTS also works with Oracle version 8 databases. However, users must access the Oracle 8 database server
by using the Oracle 7.3 client. Also, the Microsoft Oracle ODBC driver supplied with MTS 2.0 must be
used with the Oracle database, because it is the only Oracle ODBC driver that works with MTS.
1
3
Administrative Tools
Services for UNIX offers the following three features to simplify the administration of combined
Windows 2000 Server and UNIX networks:
• Password synchronization between Windows 2000 Server and UNIX servers. This reduces user
confusion and the technology consultant's workload.
• Telnet administration of both UNIX and the Windows 2000 Server operating system, including access to
network administration from a single client workstation.
• Korn Shell (a UNIX command line interface) and common UNIX commands, thus enabling UNIX shell
scripts to run on Windows 2000 Server. This means that UNIX administrators can use familiar UNIX
commands on Windows 2000 Server.
Macintosh Interoperability
Services for Macintosh is an integrated component of Windows 2000 Server that enables Windows and
Macintosh clients to collaborate and share information across the small business network. Macintosh users
can connect to a Windows 2000 Server in the same way that they connect to an AppleShare Server. The
service supports an unlimited number of simultaneous Apple Filing Protocol (AFP) connections to a
Windows 2000 Server, and the Macintosh sessions are integrated with Windows 2000 sessions. Windows
2000 Server is transparent to the Macintosh user—its presence is revealed only by the quick
responsiveness of the network.
Graphics Performance
In the past, Macintosh clients used UNIX servers to facilitate the heavy performance requirements of
moving large graphics files across a network. With optimization for high bandwidth networks, such as Fast
Ethernet and its full-featured functionality, Windows 2000 Server can handle the most demanding needs of
Macintosh users. Windows 2000 Server is also ideal for the publishing marketplace, because most of the
major server applications are already using it.
File Sharing
Services for Macintosh enables Macintosh users to access and share files on a Windows 2000 Server-
based network. The service includes a full AFP 2.0 file server. All Macintosh file system attributes, such
as resource data forks, are supported. As a file server, all filenames, icons, and access permissions are
intelligently managed. For example, a Word for Windows file appears on the Macintosh computer with the
correct Word for Windows icons. These applications can also be run from the file server as Macintosh
applications. When files are deleted, no orphaned resource forks remain to be cleaned up.
Macintosh-accessible volumes can be created in My Computer. Services for Macintosh automatically
creates a Public Files volume at installation time. At the same time, Windows 2000 file and directory
permissions are translated into corresponding Macintosh permissions.
Printer Sharing
Services for Macintosh enables Macintosh users to gain access to and share printers on a Windows 2000
Server-based network. With Services for Macintosh, Macintosh users can gain access to the print server
through the Chooser dialog box, and can print PostScript jobs to either PostScript or non-PostScript
printers, using the Windows 2000 Server print services.
Administration
Services for Macintosh can be administered from Control Panel. It can also be started transparently,
provided that the technology consultant has configured the server to use the service.
Security
With Internet Security and Acceleration (ISA) Server 2000, which is included with Small Business Server,
Macintosh clients have fast and secure access to the Internet. Also, Services for Macintosh fully supports
and complies with Windows 2000 security. It presents the AFP security model to Macintosh users and
enables them to gain access to files on volumes that reside on compact discs or other read-only media. The
AFP server also supports both clear text and encrypted passwords at logon time.
Note: The technology consultant can configure the server to reject clear text passwords, so that only encrypted passwords are accepted at logon.
Feature Benefit
are printing to a LaserWriter.
AppleTalk/PostScript Windows users can send print jobs to PostScript printers on an AppleTalk
printing for Windows users network, which provides them with access to more network resources.
A user interface in Services for Macintosh allows for publishing a print queue
on AppleTalk and for choosing an AppleTalk printer as a destination device.
User identification and Users can log on to Small Business Server from either a Windows PC or a
directory permissions Macintosh computer, using the same user identification. Windows 2000 Server
directory permissions for Macintosh users can be set in exactly the same way as
an AppleShare Server, eliminating the need for Macintosh users to learn a new
security model.
High volume capacity Macintosh users use a Windows 2000 Server NTFS volume.
Flexible server hardware Windows 2000 Server supports more hardware options than any other network
options operating system. Thus, Macintosh users can choose the server hardware
platform that best suits their needs, including PowerPC platforms.
-: Session 10:-
Exercise 1:-
NOTE: As an alternative, you can install the Recovery Console on your computer so it is always
available. See the "Precautionary Measures" section of this article for information about how to install the
Recovery Console on a working computer.
1. Connect to the server that contains the files or folders that you want to encrypt.
2. Right-click the file or folder that you want to encrypt, and then click Properties.
3. On the General tab, click Advanced.
4. Click to select the Encrypt contents to secure data check box, click OK, and then click OK.
Note that if you encrypt a folder, you are prompted to confirm how you want to apply the attributes.
Click either of the following options, and then click OK:
• Apply to this folder only
• Apply changes to this folder, subfolders and files
5. Repeat steps 2 through 4 for each file or folder that you want to encrypt.
NOTE: The data is encrypted when it is stored on disk, not when it is sent across the network. When you
open an encrypted file over the network, the data that is transferred over the network is not encrypted. You
must use a network protocol such as Secure Sockets Layer/Private Communications Technology
(SSL/PCT) or Internet Protocol Security (IPSec) to encrypt data that is transmitted across a network.
Exercise 4:-
How to back up the recovery agent Encrypting File System (EFS) private key in Windows 2000, and in
Windows XP.
INTRODUCTION
This article describes how to back up the recovery agent Encrypting File System (EFS) private key in
Windows Server 2003, in Windows 2000, and in Windows XP. You can use the recovery agent's private
key to recover data in situations when the copy of the EFS private key that is located on the local computer
is lost.
You can use EFS to encrypt data files to prevent unauthorized access. EFS uses an encryption key that is
dynamically generated to encrypt the file. The File Encryption Key (FEK) is encrypted with the EFS
public key and is added to the file as an EFS attribute that is named Data Decryption Field (DDF). To
decrypt the FEK, you must have the corresponding EFS private key from the public-private key pair. After
you decrypt the FEK, you can use the FEK to decrypt the file.
If your EFS private key is lost, you can use a recovery agent to recover encrypted files. Every time that a
file is encrypted, the FEK is also encrypted with the Recovery Agent's public key. The encrypted FEK is
attached to the file with the copy that is encrypted with your EFS public key in the Data Recovery Field
(DRF). If you use the recovery agent's private key, you can decrypt the FEK, and then decrypt the file.
Note that a computer that is running Windows XP and that is a member of a workgroup does not have a
default recovery agent. You have to manually create a local recovery agent. The local administrator is not
always the default Encrypting File System recovery agent.
Important: After you export the private key to a floppy disk or other removable media, store the floppy
disk or media in a secure location. If someone gains access to your EFS private key, that person can gain
access to your encrypted data.
Export the recovery agent’s private key from a computer that is a member of a workgroup
To export the recovery agent’s private key from a computer that is a member of a workgroup, follow these
steps:
1. Log on to the computer by using the recovery agent’s local user account.
2. Click Start, click Run, type mmc, and then click OK.
3. On the File menu, click Add/Remove Snap-in, and then click Add.
4. Under Available Standalone Snap-ins, click Certificates, and then click Add.
5. Click My user account, and then click Finish.
6. Click Close, and then click OK.
7. Double-click Certificates - Current User, double-click Personal, and then double-click Certificates.
8. Locate the certificate that displays the words "File Recovery" (without the quotation marks) in the
Intended Purposes column.
9. Right-click the certificate that you located in step 8, point to All Tasks, and then click Export. The
Certificate Export Wizard starts.
10. Click Next.
11. Click Yes, export the private key, and then click Next.
12. Click Personal Information Exchange – PKCS #12 (.PFX).
Note We strongly recommend that you also click to select the Enable strong protection (requires IE
5.0, NT 4.0 SP4 or above) check box to protect your private key from unauthorized access.
If you click to select the Delete the private key if the export is successful check box, the private key is
removed from the computer and you will not be able to decrypt any encrypted files.
13. Click Next.
14. Specify a password, and then click Next.
15. Specify a file name and location where you want to export the certificate and the private key, and then
click Next.
Note We recommend that you back up the file to a disk or to a removable media device, and then store
the backup in a location where you can confirm the physical security of the backup.
16. Verify the settings that are displayed on the Completing the Certificate Export Wizard page, and then
click Finish.
To locate the Encrypted Data Recovery policy, open the Default Domain Policy in the Group Policy
Object Editor snap-in, expand Computer Configuration, expand Windows Settings, expand Security
Settings, and then expand Public Key Policies.
To export the domain recovery agent's private key, follow these steps:
1. Locate the first domain controller that was promoted in the domain.
2. Log on to the domain controller by using the built-in Administrator account.
3. Click Start, click Run, type mmc, and then click OK.
4. On the File menu, click Add/Remove Snap-in, and then click Add.
5. Under Available Standalone Snap-ins, click Certificates, and then click Add.
6. Click My user account, and then click Finish.
7. Click Close, and then click OK.
8. Double-click Certificates - Current User, double-click Personal, and then double-click Certificates.
9. Locate the certificate that displays the words "File Recovery" (without the quotation marks) in the
Intended Purposes column.
10. Right-click the certificate that you located in step 9, point to All Tasks, and then click Export. The
Certificate Export Wizard starts.
11. Click Next.
12. Click Yes, export the private key, and then click Next.
13. Click Personal Information Exchange – PKCS #12 (.PFX).
Note We strongly recommend that you click to select the Enable strong protection (requires IE 5.0,
NT 4.0 SP4 or above) check box to protect your private key from unauthorized access.
If you click to select the Delete the private key if the export is successful check box, the private key is
removed from the domain controller. As a best practice, we recommend that you use this option. Install
the recovery agent's private key only in situations when you need it to recover files. At all other times,
export, and then store the recovery agent's private key offline to help maintain its security.
14. Click Next.
15. Specify a password, and then click Next.
16. Specify a file name and location where you want to export the certificate and the private key, and then
click Next.
Note We recommend that you back up the file to a disk or to a removable media device, and then store
the backup in a location where you can confirm the physical security of the backup.
17. Verify the settings that are displayed on the Completing the Certificate Export Wizard page, and then
click Finish.
Exercise 6:-
You receive the following error message, and the print spooler stops:
The instruction at 'address' referenced memory at 'address'. The memory could not be read.
Attempting to restart the Print Spooler service or open the Printers folder causes the same message.
These problems may occur if the default local port monitor is changed by a third-party program. Fixing
these problems requires editing the registry.
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to
reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from
using Registry Editor incorrectly. Use Registry Editor at your own risk.
1. Start Registry Editor.
2. Locate the Local Port value under the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port
3. Double-click the Driver subkey, and then edit the value. Change the string value to Localspl.dll, and
then click OK.
4. Check the following registry key for third-party monitors. Remove any non-default monitors:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors
The default port monitors are:
AppleTalk Printing Devices (When Services for Macintosh is installed)
BJ Language Monitor
Local Port
PJL Language Monitor
Standard TCP/IP Port
USB Monitor
Windows NT Fax Monitor
** LPR Port
NOTE: Do not remove LPR Port Monitor unless advised by a Microsoft Support Professional.
5. Check the following registry key for third-party print providers. Remove any non-default print
providers:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers
The default print providers are:
Internet Print Provider
LanMan Print Services
6. Check the following registry key for third-party print processors. Remove any non-default print
processors:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT
x86\Print Processors
The default print processor is:
WinPrint
To find out what printer is using the print processor, use the Microsoft Product Support Reporting Tool
(MPS_REPORTS) tool to open MachineName_PRINTDRIVERS.TXT, and then search for the third-
party print processor and for the queues that are using the print processor.
7. Change the third-party print processor to WinPrint.
8. Click Start, point to Settings, and then click Control Panel.
9. Double-click Printers, right-click the printer, and then click Properties.
10. On the Advanced tab, click Print Processor.
11. In the Print Processor box, click WinPrint.
12. Click OK two times.
13. Quit Registry Editor.
After you edit the registry, restart the print spooler. To do so, start Microsoft Management Console
(MMC) and add the Computer Management or the Services snap-in. Right-click Print Spooler Service,
and then click Start.
Exercise 9:-
SYMPTOMS
When you use a dial-up remote access service (RAS) connection to browse the Internet or to connect to a
corporate network, your computer may stop responding (hang) and return a Stop error (an error on a blue
screen) similar to the following:
STOP: 0x0000000A (0xC104027E, 0x00000002, 0x00000000, 0x804A5DE6)
IRQL_NOT_LESS_OR_EQUAL
CAUSE
This problem may be caused by the Winacpci.sys driver that is supplied by your modem manufacturer. For
additional information about the Winacpci.sys driver, please contact your modem manufacturer.
RESOLUTION
To resolve this issue, disable the Winacpci.sys driver by using the Recovery Console. To do so, follow
these steps:
1. Start your computer with the Windows 2000 boot disks, or with the Windows 2000 CD-ROM if your
computer can start from the CD-ROM drive.
2. In the Welcome to Setup screen, press R to repair the Windows 2000 installation.
3. In the Windows 2000 Repair Options screen, press C to use the Recovery Console.
4. Select the Windows installation that you want to log on to by typing the number of the installation and
then pressing ENTER.
5. Type the Administrator password for your computer, and then press ENTER.
6. At the prompt, type cd system32, and then press ENTER.
7. Type listsvc, and then press ENTER.
8. Locate the Winacpci.sys driver in the list that is provided.
WARNING: Make sure that you locate the Winacpci.sys driver in the list that is provided. Using the
wrong file in the following steps may result in more problems.
9. Type disable Winacpci.sys, and then press ENTER.
NOTE: The Disable command prints the old start_type values of the service before it resets the service
to SERVICE_DISABLED. Record the old start_type information, in case you have to restore the
service later.
10. Type exit.
WORKAROUND
The Winacpci.sys driver that this article mentions comes from the modem manufacturer. To possibly work
around this problem, use the Windows 2000 version driver. Windows 2000 includes the Winacpci.sys
driver in the I386\driver.cab file with a date of Friday, September 24, 1999, 11:55:30 PM.
Follow the on-screen instructions. Windows finds and installs the driver from the Windows 2000 CD.
Exercise 7
1
3
Cause:
You may want to enable call waiting for users with one phone line. This will disconnect the computer
from the phone line when a call comes through.
Call waiting may need to be disabled to confirm that it is not what is preventing the computer modem
from working.
Solution:
Before attempting to enable call waiting you must ensure that the phone company has enabled this extra
feature on your phone line. If this feature is enabled and the phone line does not have this feature it is
likely that the modem will not work. Below are steps for Windows 95 and 98 users to ensure that call
waiting is not enabled on the computer.
The following are steps on how to disable call waiting. It is important to remember if you have one phone
line and disable call waiting no one will be able to reach you.
MS-DOS and Windows 3.x users can enable call waiting by following the below steps:
1. When dialing a BBS or Internet number place one of the following prefix codes in front
of the phone number. Generally this is *70 however may vary in your area.
The available numbers are:
*70
#70
1170
To separate this number and the phone number generally a comma is required. The
following is an example of what this may look like:
*70,18011231234
Windows 95 / 98 users can disable call waiting by following the below steps:
This problem may occur if the basic input/output system (BIOS) on your computer is outdated, or if one or
more of the following Windows boot files are missing or damaged:
1
4
Ntldr
Ntdetect.com
Boot.ini
To resolve this issue, verify that the BIOS on your computer is current, and then use one or more of the
following methods, as appropriate to your situation, to repair the Windows 2000 startup environment.
IMPORTANT: Microsoft recommends that you fully back up your data on a regular basis. This is the best
defense against data loss, and it must be a part of any disaster recovery plan.
For information about how to configure and how to verify the correct BIOS settings for the computer, see
the computer documentation or contact the manufacturer of the computer.
To repair the Windows startup environment, use one or more of the following methods, as
appropriate to your situation.
3. Modify the Boot.ini file to point to the correct hard disk controller and to the correct volume for your
Windows installation.
4. Insert the boot disk into the computer's floppy disk drive, and then restart the computer.
5. Copy the Ntldr file, the Ntdetect.com file, and the Boot.ini file from the boot disk to the system partition
of the local hard disk.
Method 2: Use the Recovery Console
1. Use the Windows 2000 Setup disks to restart the computer, or use the Windows 2000 CD-ROM to
restart the computer.
2. At the Welcome to Setup screen, press R to repair the Windows 2000 installation.
3. Press C to repair the Windows 2000 installation by using the Recovery Console.
4. Type the number that corresponds to the Windows installation that you want to repair, and then press
ENTER. For example, type 1, and then press ENTER.
5. Type the Administrator password, and then press ENTER.
6. Type map, and then press ENTER. Note the drive letter that is assigned to the CD-ROM drive that
contains the Windows 2000 CD-ROM.
7. Type the following commands, pressing ENTER after you type each one, where drive is the drive letter
that you typed in step 4 of "Method 2: Use the Recovery Console," of this article:
copy drive:\i386\ntldr c:\
NOTE: In these commands, there is a space between the ntldr and c:\, and between ntdetect.com and
c:\.
8. Type the following command, and then press ENTER:
type c:\Boot.ini
A list similar to the following list appears:
If you receive the following message, the Boot.ini file may be missing or damaged:
The system cannot find the file or directory specified.
9. If the Boot.ini file is missing or damaged, create a new one. To do so, follow these steps:
a. Use a text editor, such as Notepad or Edit.com, to create a boot loader file similar to the following
boot loader file:
NOTE: If you used Notepad to create the file, make sure that the .txt extension is not appended to
the Boot.ini file name.
c. Type the following command at the Recovery Console command prompt to copy the Boot.ini file
from the floppy disk to the computer:
copy a:\Boot.ini c:\
10. Type exit, and then press ENTER. The computer restarts.
1
4
2. On the Setup will install Windows 2000 on partition page, select Leave the current file system
intact (no changes), and then press ENTER.
3. Press ESC to install Windows 2000 to a new folder.
4. In the Select the folder in which the files should be copied box, type \tempwin, and then press
ENTER.
11. Replace all instances of TEMPWIN with WINNT. The Boot.ini file that appears is similar to the
following file:
1
4
DATABASE MANAGEMENT
SYSTEM
(DBMS)
1
4
Session 1
1
4
Step3: CREATE table Department_Location;
1
4
Step6: CREATE table Dependent;
2. Find out all those departments that are located in more than one location.
SELECT [Department].[Dept_name], [Department].[Dept_no], [Department_Location].[Dept_location] FROM
Department INNER JOIN Department_Location ON [Department].[Dept_no] = [Department_Location].
[Dept_no] WHERE ((([Department].[Dept_name])="CPMU"));
1
4
3. Find the list of projects.
SELECT [Project].[Proj_name], [Project].[Proj_no] FROM Project ORDER BY [Project].[Proj_no];
1
4
Session 2
1
4
Step4: CREATE table BookIssue;
1
5
Query 5 a): Get the list of all books (No need to find the no. of copies)
SELECT * FROM Books;
1
5
Query 5 b): Get the list of all members
SELECT [Member_Name] FROM Members;
Query 5 c): Get the Accession no of the books, which are available in the library
SELECT BookIssue.AccNumber FROM BookIssue WHERE (((BookIssue.IssueDate) Is Null));
Query 5 f): Get the list of all books having price greater than Rs. 500/-
SELECT Books.ISBN_No, Books.Author, Books.Publisher, Books.Price FROM Books WHERE
(((Books.Price)>500));
1
5
Query 5 g): Get the list of members who did not have any books issued at any time
SELECT Members.Member_Name FROM BookIssue INNER JOIN Members ON BookIssue.Member_id =
Members.Member_id WHERE (((BookIssue.IssueDate) Is Null));
Query 5 h): Get the list of members who have not returned the book
SELECT BookIssue.Member_id, Members.Member_Name FROM BookIssue INNER JOIN Members ON
BookIssue.Member_id = Members.Member_id WHERE (((BookIssue.ReturnDate) Is Null) AND
((BookIssue.IssueDate) Is Not Null));
Query 5 i): Display member ID and the list of books that have been issued to him/her from time to time
SELECT BookIssue.Member_id, BookIssue.IssueDate, BookIssue.AccNumber FROM BookIssue WHERE
(((BookIssue.IssueDate) Is Not Null)) ORDER BY BookIssue.Member_id, BookIssue.IssueDate;
Query 5 j): Find the number of copies of each book (A book accession no would be different but ISBN no would be
the same)
1
5
SELECT Count(BookRecords.AccNumber) AS CountOfAccNumber, BookRecords.ISBN_No FROM
BookRecords GROUP BY BookRecords.ISBN_No ORDER BY BookRecords.ISBN_No;
Query 5 k): Find the number of copies available of a book of given ISBN no.
(Here we assume the ISBN No = 265498)
SELECT QSes2_5j.CountOfAccNumber, QSes2_5j.ISBN_No FROM BookRecords, QSes2_5j GROUP BY
QSes2_5j.CountOfAccNumber, QSes2_5j.ISBN_No HAVING (((QSes2_5j.ISBN_No)="265498"));
Session 4:
1
5
d) Find the customer belonging to area ‘abc’.
SELECT [Customer].[Name], [Customer].[Area] FROM Customer WHERE ((([Customer].[Area])="abc"));
1
5
g) Create table temp from customer having customer-id, name and area field only.
SELECT Customer.Customer_id, Customer.Name, Customer.Area INTO temp FROM Customer;
h) Display area and number of records within each area (Use Group by clause).
SELECT Count(Customer.Area) AS CountOfArea, Customer.Area FROM Customer GROUP BY
Customer.Area;
1
5
JAVA PROGRAMMING
1
5
// 1.
/**
 * Minimal bank-account record for the first Java exercise.
 *
 * <p>The fields are package-private and are written only by the two
 * constructors. The three operations are stubs: none of them reads or
 * changes any field of the object.
 */
class Acc
{
    String name, acct_type, address;
    float initial_amt, curr_bal;
    int acct_no;

    /**
     * Creates an account from a holder name, account number and opening amount.
     * The address, account type and current balance keep their default values.
     */
    Acc(String n, int an, float in)
    {
        this.name = n;
        this.acct_no = an;
        this.initial_amt = in;
    }

    /**
     * Creates an account with every descriptive field and the current balance set.
     * The opening amount keeps its default value.
     */
    Acc(String n, int an, String a, String at, float c)
    {
        this.name = n;
        this.acct_no = an;
        this.address = a;
        this.acct_type = at;
        this.curr_bal = c;
    }

    /** Stub: the amount lives in a local variable and is never added to curr_bal. */
    void deposit()
    {
        final float amount = 500;
    }

    /** Stub: the amount lives in a local variable and is never taken from curr_bal. */
    void withdraw()
    {
        final float amount = 200;
    }

    /**
     * Stub: does nothing and returns nothing.
     * NOTE(review): the listing carries a commented-out "deposit - withdraw"
     * computation here, so a real balance calculation was presumably intended.
     */
    void get_balance()
    {
    }
}
class Account
{
public static void main(String args[])
{
2.
/** Prints the area of a rectangle whose sides are fixed at 12.0 and 5.0. */
class Area
{
    public static void main(String args[])
    {
        final double height = 12.0;
        final double width = 5.0;
        // The label has no trailing space, so the number follows "is" directly.
        System.out.println("The area of a rectangle is" + (height * width));
    }
}
3.
/** Prints the arithmetic mean of four hard-coded subject marks. */
class Avg {
    public static void main(String args[]) {
        final double[] marks = {82, 65, 90, 73};
        double total = 0;
        for (double mark : marks) {
            total += mark;
        }
        System.out.println("The average of four subjects:" + (total / 4));
    }
}
4.
/** Demonstrates an unlabelled {@code break} and a labelled {@code continue}. */
class Break {
    public static void main(String args[]) {
        System.out.println("This is to illustrate break statement");

        // The loop is written to run to 100, but the break leaves it at 10.
        for (int count = 0; count < 100; count++) {
            if (count == 10) {
                break;
            }
            System.out.println("i:" + count);
        }
        System.out.println("Loop complete");

        // Prints row * col for every col <= row; the first col past the
        // diagonal emits a blank line and jumps to the next row.
        rows:
        for (int row = 0; row < 10; row++) {
            for (int col = 0; col < 10; col++) {
                if (col <= row) {
                    System.out.println(" " + (row * col));
                } else {
                    System.out.println();
                    continue rows;
                }
            }
        }
        System.out.println();
    }
}
5.
/**
 * Divides 100 by each element of a fixed array, keeping a running total and
 * catching the ArithmeticException raised by the zero entries.
 */
public class Byzero
{
    public static void main(String args[])
    {
        final int dividend = 100;
        int[] divisors = {0, 1, 2, 5, 0, 25, 0, 50, 0};
        int runningTotal = 0;

        for (int idx = 0; idx < divisors.length; idx++)
        {
            try
            {
                runningTotal += dividend / divisors[idx];
                System.out.println(" " + runningTotal);
            }
            catch (ArithmeticException e)
            {
                // A zero divisor is overwritten with 1, but the division is not
                // retried, so this slot contributes nothing and prints nothing.
                divisors[idx] = 1;
            }
        }
    }
}
6.
}
catch(NumberFormatException e)
{
invalid++;
}
}
System.out.println("Total number of arguments:"+args.length);
System.out.println("Invalid numbers:"+invalid);
System.out.println("Sum:"+sum);
}
}
7.
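/**
 * Reads two bytes from standard input and echoes their numeric values.
 *
 * <p>Fixes relative to the listing: the stray '.' in the second loop header
 * ({@code int. i}) is removed and the class body is closed.
 */
class Exam {
    /**
     * @param args unused
     * @throws java.io.IOException if reading from standard input fails
     */
    public static void main(String args[]) throws java.io.IOException {
        int m1[] = new int[2];
        System.out.println("Enter 2 elements");
        for (int i = 0; i < m1.length; i++) {
            // read() hands back one raw byte (0-255), or -1 at end of stream.
            // It does not parse a number: typing "5" stores 53, and the line
            // terminator is consumed as an element of its own.
            m1[i] = System.in.read();
            System.out.println();
        }
        for (int i = 0; i < m1.length; i++) {
            System.out.print(m1[i] + " ");
        }
    }
}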
8.
import java.util.*;
/**
 * Walks 20 index positions over a 14-element array and counts how many of
 * them fall outside it.
 */
public class Except
{
    public static void main(String args[])
    {
        int[] values = {1, 2, 3, 4, 5, 6, 7, 8, 9, 1, 7, 8, 9, 0};
        int overruns = 0;
        int idx = 0;

        // The bound of 20 is deliberately larger than the array. Every access
        // is bounds-checked by the runtime, so the six extra positions raise
        // ArrayIndexOutOfBoundsException instead of reading past the array.
        while (idx < 20)
        {
            try
            {
                System.out.println(" " + values[idx]);
            }
            catch (ArrayIndexOutOfBoundsException e)
            {
                overruns++;
            }
            idx++;
        }
        System.out.println("Index has been out of bounds by:" + overruns);
    }
}
9.
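/**
 * Evaluates four small integer expressions on a = 10 and b = 5 and prints
 * each result next to its source text.
 *
 * <p>Fix relative to the listing: {@code (a)|(b>0)} does not compile in Java
 * because {@code |} cannot combine an int with a boolean. The comparison is
 * converted to 1 or 0 first, which is presumably what the exercise intends.
 */
class Expression
{
    public static void main(String args[])
    {
        byte a = 10, b = 5;
        int c, d, e, f;

        // byte operands are promoted to int before shifting and adding.
        c = (a << 2) + (b >> 2);
        d = a | (b > 0 ? 1 : 0);
        e = (a + b * 100) / 10;
        f = (a & b);

        System.out.println("(a<<2)+(b>>2)=" + c);
        System.out.println("(a)|(b>0)=" + d);
        System.out.println("(a+b*100)/10=" + e);
        System.out.println("a&b=" + " " + f);
    }
}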
10.
/**
 * Subclass of A that can store the sum of i and j.
 * NOTE(review): class A is not part of this listing; i and j are presumably
 * fields inherited from it.
 */
class B extends A
{
    int total;

    /** Stores i + j in {@code total}. */
    void sum()
    {
        this.total = this.i + this.j;
    }
}
/** Driver for the inheritance exercise: sets two values on a B, sums them and prints the total. */
class Inh1
{
    public static void main(String args[])
    {
        B child = new B();
        // setij is not defined in B; presumably it comes from the superclass A.
        child.setij(10, 12);
        child.sum();
        System.out.println("Total is=" + child.total);
    }
}
11.
import java.io.*;
public class Matrix
{
/**
 * Reads one line from standard input and parses it as a decimal int.
 *
 * <p>A new BufferedReader is wrapped around System.in on every call, so any
 * input the previous reader had already buffered beyond its line is not seen
 * by the next call. Input that is not a valid int makes Integer.parseInt
 * throw NumberFormatException, which is not caught here.
 *
 * @return the parsed value
 * @throws IOException if reading the line fails
 */
public static int readInt() throws IOException
{
    BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
    return Integer.parseInt(stdin.readLine());
}
for(int i=0;i<3;i++){
for(int j=0;j<2;j++){
System.out.print("\t "+m2[i][j]);
}
System.out.println();
}
for(int i=0;i<2;i++)
{
for(int j=0;j<2;j++)
{
m3[i][j]=0;
for(int k=0;k<3;k++)
m3[i][j]=m3[i][j]+m1[i][k]*m2[k][j];
}
}
1
6
System.out.print("\t "+m3[i][j]);
}
System.out.println();
}
}
}
12.
/** Base class of the sports exercise: holds nothing but the player's name. */
class Player
{
    String name;

    /** Stores the given name as is; no validation is performed. */
    Player(String nm)
    {
        this.name = nm;
    }
}
/** Player that announces cricket. */
class Cricket_player extends Player
{
    /** Passes the name straight to the Player constructor. */
    Cricket_player(String nm)
    {
        super(nm);
    }

    /** Prints the cricket line followed by the stored name. */
    void play()
    {
        String line = "play cricket:" + name;
        System.out.println(line);
    }
}
/** Player that announces football. */
class Football_player extends Player
{
    /** Passes the name straight to the Player constructor. */
    Football_player(String nm)
    {
        super(nm);
    }

    /** Prints the football line followed by the stored name. */
    void play()
    {
        String line = "play Football:" + name;
        System.out.println(line);
    }
}
1
6
super(nm);
}
/**
 * Prints the hockey line followed by the name.
 * NOTE(review): the header of the enclosing class is missing from this
 * listing; name is presumably the field inherited from Player.
 */
void play()
{
    String line = "play hockey:" + name;
    System.out.println(line);
}
}
/** Driver for the sports exercise: calls play() on three player objects. */
class Player1
{
public static void main(String args[])
{
// NOTE(review): c, f and h are not declared anywhere in this listing, so the
// class does not compile as shown. The lines that create the three player
// objects appear to be missing from the page.
c.play();
f.play();
h.play();
}
}
13.
/**
 * Rectangle with mutable dimensions and colour.
 * The area is cached in a field each time find_area() runs.
 */
class Rect
{
    double width, length, area;
    String colour;

    /** Sets the length; the value is stored without validation. */
    void set_length(double x)
    {
        this.length = x;
    }

    /** Sets the width; the value is stored without validation. */
    void set_width(double y)
    {
        this.width = y;
    }

    /**
     * Sets the colour.
     *
     * @return the colour that was just stored
     */
    String set_colour(String z)
    {
        this.colour = z;
        return z;
    }

    /**
     * Recomputes length * width, stores it in {@code area} and prints it.
     *
     * @return the freshly computed area
     */
    double find_area()
    {
        double computed = length * width;
        this.area = computed;
        System.out.println("Area of rectangle=" + computed);
        return computed;
    }
}
class Rectangle
{
public static void main(String args[])
{
System.out.println("Matching rectangles");
}
else
{
System.out.println("Non matching rectangles");
}
}
}
14.
1
6
{
int days_worked;
/**
 * Forwards the name and salary rate to the superclass constructor and
 * records the number of days worked.
 * NOTE(review): the header of the enclosing class is missing from this listing.
 */
Daily_worker(String nm, double sr, int dw)
{
    super(nm, sr);
    this.days_worked = dw;
}
/**
 * Sets pay to days worked times the salary rate and prints one report line.
 * NOTE(review): pay, name and sal_rate are not declared in the visible part
 * of this class; presumably they are inherited from the superclass.
 */
void compay()
{
    pay = sal_rate * days_worked;
    String report = "\t Name:" + name + "\tsalary per day" + sal_rate + "\tpay per week" + pay;
    System.out.println(report);
}
}
/**
 * Worker whose pay is the salary rate times a fixed factor of 40.
 * NOTE(review): Worker is not part of this listing; pay, name and sal_rate
 * are presumably fields inherited from it.
 */
class Salaried_worker extends Worker
{
    /** Forwards the name and salary rate to the Worker constructor. */
    Salaried_worker(String nm, double sr)
    {
        super(nm, sr);
    }

    /** Sets pay to 40 times the salary rate and prints one report line. */
    void compay()
    {
        pay = sal_rate * 40;
        String report = "\t Name:" + name + "\tsalary per hour:" + sal_rate + "\tpay per week:" + pay;
        System.out.println(report);
    }
}
15.
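/**
 * Reports every position of the letter 'a' in a fixed string, and how often
 * it occurs.
 *
 * <p>Fixes relative to the listing: {@code public class void main} becomes
 * {@code public static void main}; the non-existent {@code Character.a(...)}
 * call becomes a direct character comparison; the missing {@code +} before
 * the index is restored; and the "not present" message is printed once after
 * the scan, only when no 'a' was found, instead of once per non-matching
 * character.
 */
class Strin1
{
    public static void main(String args[])
    {
        int cnt = 0;
        String s = "yaminiprasanna";
        System.out.println("The length of the string is:" + s.length());
        int len = s.length();
        for (int i = 0; i < len; i++)
        {
            if (s.charAt(i) == 'a')
            {
                System.out.println("a is at the position :" + i);
                cnt++;
            }
        }
        if (cnt == 0)
        {
            System.out.println("a is not present in the string");
        }
        System.out.println("a has occured " + cnt + "times");
    }
}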
16.
/** Prints each zero-based position of 'a' in a fixed string, then the number of hits. */
class Strin1
{
    public static void main(String args[])
    {
        final String s = "yaminiprasanna";
        System.out.println("The length of the string is:" + s.length());

        int cnt = 0;
        // indexOf returns -1 once no further 'a' exists, which ends the scan.
        for (int pos = s.indexOf('a'); pos >= 0; pos = s.indexOf('a', pos + 1))
        {
            System.out.println("a is at the position :" + pos);
            cnt++;
        }
        System.out.println("a has occured " + cnt + "\ttimes");
    }
}
17.
1
6
{
/**
 * Prints the zero-based positions of the first and the last 'a' in a fixed sentence.
 * NOTE(review): the header of the enclosing class is missing from this listing.
 */
public static void main(String args[])
{
    final String sentence = "I am studying in ignou at bangalore";
    int first = sentence.indexOf('a');
    int last = sentence.lastIndexOf('a');
    System.out.println("First occurence of character 'a' is at position:" + first);
    System.out.println("Last occurence of character 'a' is at position:" + last);
}
}
18.
import java.io.*;
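/**
 * Reads one line from standard input and prints it in upper case.
 *
 * <p>Fix relative to the listing: readLine() returns null when the input
 * stream is already at its end (closed or empty redirected input), and the
 * original then failed with a NullPointerException in toUpperCase(). A
 * missing line is now treated as an empty one.
 */
public class Strin4
{
    /**
     * @param args unused
     * @throws IOException if reading from standard input fails
     */
    public static void main(String args[]) throws IOException
    {
        BufferedReader str = new BufferedReader(new InputStreamReader(System.in));
        System.out.println("Enter any statement");
        String var = str.readLine();
        if (var == null)
        {
            // End of input before any line was supplied.
            var = "";
        }
        // toUpperCase() uses the default locale's case rules.
        String var1 = var.toUpperCase();
        System.out.println("The statement in uppercase is\n" + var1);
    }
}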
19.
import java.io.*;
class Sumdigits{
public static void main(String args[])
throws IOException{
BufferedReader br=new BufferedReader(new InputStreamReader(System.in));
String str;
int num,rem;
int sum=0;
1
7
}
20.
1
7
{
Fivetable f=new Fivetable();
Sixtable s=new Sixtable();
Seventable se=new Seventable();
Eighttable e=new Eighttable();
Ninetable n=new Ninetable();
f.setPriority(7);
s.setPriority(2);
se.setPriority(10);
e.setPriority(5);
n.setPriority(8);
f.sleep(1500);
if (f.isAlive())
System.out.println("Thread 5 is alive");
else
System.out.println("Thread 5 is not alive");
s.start();
if (s.isAlive())
System.out.println("Thread 6 is alive");
else
System.out.println("Thread 6 is not alive");
se.sleep(1000);
if (se.isAlive())
System.out.println("Thread 7 is alive");
else
System.out.println("Thread 7 is not alive");
e.start();
if (e.isAlive())
System.out.println("Thread 8 is alive");
else
System.out.println("Thread 8 is not alive");
n.start();
if (n.isAlive())
System.out.println("Thread 9 is alive");
else
System.out.println("Thread 9 is not alive");
}
}
21.
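/**
 * Abstract base of the pay exercise: a name, a salary rate and a pay
 * computation that each subclass supplies.
 *
 * <p>Fixes relative to the listing: the stray ';' between the constructor
 * header and its body is removed, and the abstract method declaration is
 * terminated with ';'.
 */
abstract class worker
{
    String name;
    double sal_rate;

    /** Stores the name and the salary rate as given; no validation is performed. */
    worker(String nm, double sr)
    {
        name = nm;
        sal_rate = sr;
    }

    /** Computes and reports the pay; the rule is defined by each subclass. */
    abstract void compay();
}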
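/**
 * Worker paid per day worked.
 *
 * <p>Fix relative to the listing: the pay computation was missing its
 * terminating ';'.
 */
class Daily_worker extends worker
{
    int days_worked;

    /** Forwards the name and salary rate to worker and records the days worked. */
    Daily_worker(String nm, double sr, int dw)
    {
        super(nm, sr);
        days_worked = dw;
    }

    /** Prints the name, the daily rate and days_worked * sal_rate. */
    void compay()
    {
        double pay = (days_worked * sal_rate);
        System.out.println("\t Name:" + name + "\tsalary per day" + sal_rate + "\tpay per week" + pay);
    }
}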
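/**
 * Worker whose pay is the salary rate times a fixed factor of 40.
 *
 * <p>Fixes relative to the listing: the constructor was named Daily_worker,
 * which is not a valid constructor for this class, and the pay computation
 * was missing its terminating ';'.
 */
class Salaried_worker extends worker
{
    /** Forwards the name and salary rate to worker. */
    Salaried_worker(String nm, double sr)
    {
        super(nm, sr);
    }

    /** Prints the name, the hourly rate and 40 * sal_rate. */
    void compay()
    {
        double pay = (40 * sal_rate);
        System.out.println("\t Name:" + name + "\tsalary per hour" + sal_rate + "\tpay per week" + pay);
    }
}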