MCSE Classes

WINDOWS 2003 SERVER (MCSE)
Networking is for – sharing resources, security, communication etc.
Basic Requirements of Networking are

1) Two Systems
2) Operating System
3) Network Interface Card(NIC)
4) Media (Guided Media or Un Guided Media)
5) Connectors
6) IP Address
1) The two Systems can be any configuration

e.g.: the two systems can be of Intel and AMD.
2) The Operating System’s can be of any Vendor

e.g.: the Operating System’s can be Microsoft and Linux.
3) The NIC can be of different vendors.
4) Guided Media: - A physical connectivity between systems is called guided media.

Un-Guided Media: - A logical connectivity between systems is called un-guided media.
16 bit ISA NIC (Old version) & 32 bit PCI (NIC) can communicate each other.
5) The Connectors are cable Dependent.
6) 2 types of IP versions are available.

IP V.6 (Only in Japan) IP V.4 (other).
IP ADDRESSING
IP Address
TCP/IP is unique in that the network portion of the address has not been allocated a
fixed address space. The number of bits that the network portion may use depends on the
number of network that needs to be identified. Although a governing body allocates an
original address, the network portion of the address can be extended. To identify how many of
the address bits have been extended in the network portion of the address, a subnet mask is
used.
IP Addresses are classified into 5 classes:
Class A
Class B
Class C
1
Class D
Class E
* To identify the IP address which class does it belongs to the first

octet is considered.
Class A: 0 – 127 (128)
Total Networks = 126

Total Hosts = 16.77 millions
0 and 127 addresses are reserved.
* 0.0.0.0 is reserved for Global IP Address

* 127.0.0.0 is called as Loopback Address. Used for self testing purpose.
All the networking services in the Operating System run on the loopback address.
* Class A is used by the Large Organisations.
Class B: 128-191 (64)

Rule: The rule of Class B is the first 2 bits of octet are reserved as ‘1’&‘0’
Total Networks =
Total Hosts =
The 1st valid IP Address is 128.0.0.1 to 128.0.255.254 in a single network (255 is reserved for
broadcasting)
* Non of the values are reserved in class B.

* Used by the Large and Medium size Organisation.
Class C: 192-223 (32)
Rule: The rule of Class C is the first 3 bits of octet are reserved as ‘1’, ‘1’&‘0’
Total Networks =
Total Networks =
The 1st valid IP Address is 192.0.0.1 to 192.0.0.254 in a single network (255 is reserved for
broadcasting)
* Non of the values are reserved in class C.

* Used by Smaller Organisations.
Class D: 224-239 (16)
2
Rule: The rule of Class D is the first 4 bits of octet are reserved as ‘1’, ‘1’, ‘1’&‘0’
* Class D is reserved for News Groups & News agencies. Multicasting (one to group).
Class E: 240-255 (16)

Rule: The rule of Class E is the first 4 bits of octet are reserved as ‘1’, ‘1’, ‘1’&‘1’
* Class E is reserved for Research & Development.

# To identify the IP address to which class it belongs, we need to consider the 1st octet only.
3
TOPOLOGY
Topology means Layout of network (architecture)
5 Types of Topologies
1). Bus 2) Mesh 3) Ring 4) Star & 5) Tree
BUS Topology:
In bus topology all the PCs in the network are arranged in serial order. And all the PCs in the
network are connected to a single cable called as ‘Backbone’.
At the end of the network Terminators are used.
Coaxial cables, British Novell Connectors (BNC) & ‘T’ connectors are used.
Disadvantages: Even if a single PC fails the entire network goes down. It is very difficult to
rectify the problem.
CSMA/CD – Carrier Sense Multiple Access / Collision Detection
CSMA/CA – Carrier Sense Multiple Access / Collision Avoidance
MESH Topology:
In Mesh topology all the PCs in the network are directly connected to each other. In such a
case huge amount of traffic is created.
Advantages: Even a single PC fails, it doesn’t affect the network.
Disadvantages: Requires huge amount of investment.
Twisted pair cable & RJ 45 connectors are used.
RING Topology:
In Ring topology all the PCs in the network are logically connected in a circular format. Only
one PC at a point of time can transmit the data over the network and only when it receives the
token.
Advantages: For each and every data transmission over the network an acknowledgement is
given.
Disadvantages: If even a single PC fails the entire network goes down.
Coaxial cable & BNC connectors are used.
STAR Topology:
In Star topology all the PCs in the network are connected to a centralised device
(Hub/Switch). Differentiation of servers & clients can be quickly down. If any client machine
fails doesn’t effect to the network at all. Rectification of problems over the network can be
easily solved. It is an ease for the network administrator.
Twisted pair cables & RJ 45 connectors are used.
TREE Topology:
Combination of more then one topologies is called Tree topology.
Tree Topology is also called as Hybrid Topology.
4
WORKGROUP:
In workgroup model all the PCs in the network are independent. Where there is no centralised
database and centralised control.
There is no concept of server & client relationship.
There is lack of security.
The administrative job is too high.
DOMAIN:
In domain model each PC is dependent in the network. Where there is centralised control &
centralised database.
There is a concept of server & client relationship.
There is huge amount of security.
The administrative job is too easy.
Installation Steps for Windows 2003 Server

1. Insert the Windows 2003 server CD into the CDROM and restart the System
2. Press Del button on the keyboard to enter into BIOS.
3. Change the booting sequence to CDROM, Save & Restart.
4. While booting Prompts to ‘Press Any Key on the keyboard’. Press it within 6 seconds.
5. The initialization of Hardware starts.
6. Gives 3 options.  Press Enter to install,  Press R to repair &  Press F3 to Quit.
7. License Agreement appears. Accept the License Agreement by pressing F8.
8. Displays the partition table. Press C to create new partition.
9. Enter the Partition size by deleting the default size.
10. The partition table appears again, select the partition and press Enter
11. Displays the File System
12. Select NTFS and press Enter.
13. The format starts and copies the files into the partition.
14. Restart for the first time.
15. Enters into the second phase of installation.
16. Displays a window to choose the Keyboard and Language click the Next button.
17. Specify the Name and the Organisation Name in the text box and click the Next
button.
18. Specify the 25 Digit Product key and click the Next button.
19. Specify the Computer Name and the Administrator Password and click the Next
button.
20. Select the Licensing Mode and click the Next button.
21. Select the Date, Time, Location, and click the Next button.
22. The installation continues.
23. Select Typical settings in Network Settings Window and click the Next button.
24. Select the Workgroup in the Next Window and click the Next button.
25. The Installation Continues and Finishes.
5
ACTIVE DIRECTORY
Active Directory is a Directory service that contains information regarding User Accounts,
Computers and resources, resources are optional. Active Directory is a centralized database
and maintains hierarchical structure of Domains. Before 1974 each vendor were using their
own Protocols to design the software. In such case communication between the vendors was
not possible. NT 4.0 has a database size of 40 MB i.e. SAM database (Security Account
Manager). Each user created occupies 1KB of information in SAM. A maximum of 40,000
change users can be created in a single PDC. More than 40,000 change users can be created
on a single PDC, but the server performance goes down. Because the SAM database size is
fixed.
Windows 2000 as well as 2003 database size of Active Directory (NTDS.DIT) has 16 and 12
• Trust relationship between the domains with in the Forest accepts. But cross forest
relationship is not possible in Win 2000 (trust). Between two forests.
• Windows 2003 supports cross forest trust relationship.
Requirements for Active Directory installation.
1. Stand alone server

2. Static IP address
3. Require 200 MB free space with NTFS partition 5.0
4. Require Windows 2003 Sever CD
To Install Active Directory

Start -> Run -> dcpromo
A wizard appears – click next

A compatibility option appears – click next
2 options appear  create a new domain controller  create an additional domain controller
6
Select 1st option & click next.
Displays 3 options
 Create a new DC in the New Forest  Create a Child DC  Create a new Domain in the
existing forest
Select 1st option & click next

Specify the DNS domain name (eg: ccna.com) click Next
Displays the NetBIOS name – click next
Displays the path for NTDS folder. (C:\windows\NTDS) – Click Next
7
Displays the path for Sysvol folder (* All the replication information done with the help of
sysvol. * Sysvol folder will exists only on NTFS partition Ver 5.0)
Next – OK
Displays 3 options
 Perform the DNS Diagnostic  Install DNS & Config  Install DNS & don’t config
Select default and click Next

Select Permission compatible with Windows 2000 and 2003.
Click the Next button.

Prompts to give a password ( only for AD) Next
8
Click the Next button.
Displays the summary
Click Next – The installation starts.
RESTART
Typical setup of Domain Controllers
Domain Controller (DC)
-Preferred DNS same as IP Address
192.168.1.1
255.255.255.0
PreDNS 192.168.1.1
Additional Domain Controller (ADC)
192.168.1.2
9
255.255.255.0
PreDNS 192.168.1.1
Child Domain (CD)
192.168.1.3
255.255.255.0
PreDNS 192.168.1.1
New Domain in the Existing Forest (NDEF)
192.168.1.4
255.255.255.0
PreDNS 192.168.1.1
AddiDNS 192.168.1.4
Roles of Active Directory

There are 6 Roles for Active Directory.
1. Domain Naming Operation Master Forest wide Roles

2. Global Catalogue Server
3. Schema Master
4. RID – Relative Identifier

5. PDC Immolator Domain wide Roles
6. Infrastructure Master
1. Domain Naming Operation Master (DNOM): It maintains the uniqueness of domain name
in the entire forest. By default the DNOM is present on the root.
 At any point of time there can be only one DNOM in the entire forest.
To view the DNOM

Start  Prog Files  Admin tools  Active Directory Domains & Trusts
To change the role of DNOM

Start  Prog Files  Admin Tools  Active Directory Domains & Trusts
Right click ADDT and select ‘Connect to another Domain’
Click the browse button to select another domain to transfer the roles. Then click
2. Global Catalogue Server (GCS) : It maintains the total information of its Domain and
partial information of the other domains in the entire forest. By default the GCS is available
on the root (DC).
 There can be more than one GCS in the entire forest.
10
To view GCS
Start  Prog Files  Admin tools  Active Directory Sites & Services
Open sites (folder)  Default First Site Name  Open Servers  Open Computer
Name Right click on NTDS Settings. Go to properties.
Displays the G.C. with check box.
3. Schema Master (SM) : It maintains the total information of classes and attributes in the
entire forest. By default the schema master is available on the root (DC).
 At any point of time there can be only one schema master in the entire forest.
To view SM
Start  Run and type ‘regsvr32 schmmgmt.dll’ - press enter
Go to Start  Run type ‘mmc’ (Microsoft Management Console)
The console window opens
Click the file option
Select Add & Remove snapin.
A Window appears – Click the Add button.
In the list select AD Schema.
Click ADD button and click the close button OK button and OK again.
4. Relative Identifier Master (RID): Relative Identifier consist of pool of addresses. For every
newly created object an address will be specified by the RID master.
SID = RID + DID
(Security Identifier) (Domain Identifier)
By default the RID are available on the domains.

 At any point of time there can be only one RID master on the entire domain. (Parent /
Client)
5. Primary Domain Controller Immolator (PDCI): It immolates BDC as PDC through the
domain controller when it is Mixed Mode (Pre windows 2000 mode). PDCI also takes care of
password changes made by the users.
 At any point of time there can be only one PDCI in the entire domain. (Parent / Child).
6. Infrastructure Master (IM): It maintains the updations that are done to groups. Any user
added, deleted or moved the updation is going to be maintained by IM.
 At any point of time there can be one IM in the entire domain. (Parent / Child).
To see the three roles (RIDM, PDCI & IM) go to

Start  Programs  Admin Tools  Active Directory Users and Computers
Right click on the Domain Name and
Select Operations Master.
Displays the Roles
* Start  Run  ‘net accounts’
To Run Services  service.msc
11
Day 5
FUNCTIONAL LEVELS
Forest and Domain Functional Levels

 Functional level determines
- Supported domain controller operating system.
- Active Directory features available.
 Domain Functional levels can be raised independently of one another.

 Raising forest functional level is performed by Enterprise
Administrator
- Requires all domains to be a windows 2000 native or windows server 2003
functional levels.
Functional Levels are classified into two levels
 Domain Functional Level

 Forest Functional Level
Domain Functional Levels:

a) Windows 2000 Mixed Mode
b) Windows 2000 Native Mode
c) Windows 2003 Interim Mode
d) Windows 2003 Mode
a) Windows 2000 Mixed Mode:
Windows
2003
2000 NT
12
13
b) Window 2000 Native Mode
Windows
2003
2000 2000
c) Window 2003 Interim Mode
Windows
2003
2003 NT
d) Windows 2003 Mode
Windows
2003
2003 2003
14
Forest Function Level Domain Controller Supported
Windows 2000 (Default) Win NT 4.0, 2000, 2003 Server
Windows Server 2003 Interim Win NT 4.0, 2003 Server
Windows Server 2003 Server Family Win Server 2003 Family
Function Levels are important when you are planning to upgrade the operating system or for
establishing trust relationship.
To check Functional levels
1. Active Directory Domains & Trusts

2. Right Click on the domain name (Ex: zoom.com)
3. Click on the Function level or Forest Function Level
TRUST RELATIONSHIP
CISCO.COM (Trusting)
CHILD.CISCO.COM (Trusted)
 Secure Communication paths that allow security principals in one domain to be

authenticated and accepted in other domains.
 Some trusts are automatically created.
- Parent Child domains trust each other.
- Tree root domains trust forest root domains.
 Other trusts are manually created
 Forest – Forest transitive trust relationship can be created in windows 2003 forest
only.
15
Transitive Trust: In Transitive trust relationship Domain A trust Domain B, In the same way
Domain B trust Domain C and in the same way Domain C trust Domain A. This is called
Transitive Trust.
B C
Non Transitive Trust: Domain A trust Domain B, In the same way Domain B trusts
Domain C but Domain C will not trust Domain A. It is known as Non Transitive Trust
Relationship.
B C
One Way Incoming: Example
A1 Incoming
A2
A3 DatabaseServer
A4
Zoom.com Yahoo.com
Types of Trust:
Default: Two ways transitive trust Kerberos trusts (Intra-Forest)
Shortcut: One or two way transitive Kerberos trusts (Intra-Forest)

- Reduce Authentication requests.
Forest: One or two way transitive Kerberos trust

- Windows Server 2003 Forest – Windows 2000 does not support forest trusts.
16
- Only between Forest Roots
- Creates transitive domain relationship
External: One way Non-Transitive NTLM trusts.

- Used to connect to/from Windows NT or External 2000 domains
- Manually Created
REALM: One or two way non-transitive Kerberos trusts connect to/from UNIX MIT
Kerberos Realms.
Configuring Cross Forest Trust Relationship
IP Setting in 2 different domains
Satyam.com SBI.com
Root Domain Controller Root Domain Controller
IP: 10.0.0.1 IP: 10.0.0.2

PDNS: 10.0.0.1 PDNS: 10.0.0.2
SDNS: 10.0.0.2 SDNS: 10.0.0.1
1. In two different domains Assign alternate DNS as above given example.
2. To Raise the function levels domains as well as forest open the console
3. Active Directory Domain & Trusts.
4. Right Click on the Domain ( for Example: select the domain SBI.com and raise
domain function level from the list as Window Server 2003)
5. To raise forest function level right click on Active Directory Domains a& Forest Raise
forest function Level
6. Select windows Server 2003 and raise it.
7. Follow the same in other domain even to raise the function levels.
8. To establish a trust between two different forest for example in SBI.com open the
console Active Directory Domains & Trusts
9. Right Click on the domain SBI.com
10. Select next tab trust
11. And Click on new trust
17
12. Assign the DNS name of other domain for example satyam.com
13. Check Forest trust
14. Select 2 way
15. Check “Both this domain and specified Domain” > Next
16. Assign the credentials as admin & Password > Next
17. Check “Forest wide Authentication”
18. Check “Forest wide Authentication”
19. Next
20. Next
21. Next
22. Yes > Next
23. Yes > Next
24. Finish.
We have to give permissions from the server side also to logon.
1. To give permissions for users/ admin/ Groups

2. Admin Tools
3. Domain Controller security policy
4. Double Click Local Policies
5. User Right Assignment
6. Allow Logon Locally
7. Add user or group
8. Browse
9. Locations
10. Select the Other Domain
11. OK
12. Specify Administrator and Click on check names
13. OK
14. OK
15. OK
16. (To Update default policies) Start > Run > GPUPDATE
External Trust
It is non-transitive it is used to communicate with Windows Server 2003 to Lower Versions

like Win NT, Win 2000 server. It is also used to communicate between only two roots in the
forest,
18
REALM
It is used to communicate between windows 2003 server to Non Windows Operating system.
DIFFERENCE BETWEEN NT & 2003
WINDOWS NT WINDOWS 2000 & 2003

Protocol Used for Authorization
NTLM KERBEROS VERSION 5
It uses Netbios It uses DNS & Net Bios
It uses Primary Domain Controller & It uses Domain Controller & Additional
Backup Domain Controller Domain Controller
It Supports 40,000 Workstations It supports 1 Billion Work Stations
It uses Directory named SAM = Security It uses Directory named NTDC = New
Account Manager Technology Domain Controller.
Domain Represents Round Domain Represents Triangle
FLEXIBILITY
In Windows NT Primary Domain Controller is configured while installing Operating System.

And if we want to remove Primary Domain Controller we have to format the whole operating
system.
In Win 2000 & 2003

We have a flexibility of installing or Uninstalling Active Domain Server on the server
operating system.
DAY 6
PHYSICAL COMPONENTS
Logical Components of Window 2003 Server is Forest & Trees.
Physical Components:
 Domain Controllers
 Sites
Domain Controller is a system which is loaded with Active Directory Services in Windows
2000 or Windows 2003 server operating system.
- Stores Replicas of Active Directory Database.

- Associated with given site.
Sites are areas of good connectivity it is one of the Physical component of the Active
Directory Services.
Sites are associated with subnet mask. Subnet Mask is a Sub Division of IP Network.
19
A Site can span multiple domains. A domain can span multiple sites.
Example for Sites:
INDIA USA
Servers Servers
DC WAN LINK DC
Clients Clients
REPLICATION TOPOLOGY
They are classified into 2 sites
1. Intra Site Replication

2. Inter Site Replication
Intra Site Replication: The replication which is taking place within a single site between DC
to ADC is called Inter Site Replication.
For Replication KCC (Knowledge Consistency Checker) service is responsible.
Inter Site Replication: The Replication which is taking place between 2 different sites is
called Inter Site Replication.
BRIDGE HEAD SERVER: The server is responsible for gathering the information from one
Domain Controller. So that it can replicate to another Domain Controller (ADC)
By Default DC & ADC serves will get updated in default first site name. In site by default
one site link also configured.
Configuring Sites:
1. To create sites open the console.

2. Active Directory sites & services.
3. Expand Sites
4. Right Click on site folder
5. New Site
6. Mention the name of the site
7. And Select Default site link
8. ok
9. To Add the servers expand the newly created sight default first sight name Expand
servers.
10. Right click on the server
20
11. Select and move from the list select new site
12. OK
13. Create one more site by following the same steps
TO CONFIGURE SITE LINKS
1. Expand Inter site transport

2. Right Click on IP
3. Select New site link
4. Specify the name of the site link
5. Add them in the list
6. Ok
TO SET THE REPLICATION SCHEDULE
1. Select IP Folder
2. Double click newly created site link
3. Click on change schedule
4. set the schedule
ACTIVE DIRECTORY PARTITIONS
NTDS
NTDS.DIT
SCHEMA CONFIGURATION DOMAIN APPLICATION
Active Directory Service Database is stored in NTDS.DIT. This database further logically
divided into four partitions.
1. Schema Partition
2. Configuration Partition
3. Domain Partition
4. Application Partition
1. Schema Partition: Schema is a design or architecture of Active Directory, where it is

built on. It provides set of rules to create or manipulate different objects only schema
administrators can modify the schema. You can modify schema partition only when
you are planning to upgrading or installing the Operating system or applications,
which is replicating to Additional Domain Controller.
Schema is also known as forest wide replication.
21
2. Configuration Partition: It is one of the logical partition which maintains the
information about structure of the forest. It contains information like Domain
Controller, Sites, Sites Links and Trust relationship.
Configuration partition is the road map of Active Directory because of which users are
easily able to locate network objects. It is also called forest wide replication.
3. Domain Partition: Will maintain the information about domains specific objects. It is a
domain wide replication
4. Application Partition: It is configurable partition either it can be forest wide
replication or Domain wide replication. It maintains the information about the DNS.
Joining Client to the Domain

To convert work group to a client (windows XP)
Login as administrator in Win XP.

Right click on My Computer  Properties
In the options select Computer Name
Click the ‘Change’ button.
Select the ‘Domain’ option and specify the Domain Name. Click apply, OK.
Prompts for Domain Administrator User & Password.
Gives the configuration that it has successfully connected.
Restart the Machine.
To convert work group as Member Server
Login as Administrator in Windows 2003 server operating system.

Right click on My Computer  Properties
In the options select Computer Name
Click the ‘Change’ button.
Select the ‘Domain’ option and specify the Domain Name. Click apply, OK.
Prompts for Domain Administrator User & Password.
Gives the configuration that it has successfully connected.
Restart the Machine.
 A Member server can act as a server as well as client. If the user login it behaves as a
client. If Administrator logs in, it behaves as a server.
22
Active Directory Users & Groups
There are 2 types of users
1) Local User and 2) Domain User
1. Local User: Local users are created on the client machines as well as on Member
Server. A local user cannot access all the resources in the network. A local user cannot
login onto multiple systems. He can login where account exists. A local user account
is also called as the temporary account.
2. Domain User: The domain users are created on the domain controller. The domain
user account can access any resources on the entire network. A domain user account
can be created even on a Member Server, by login as Domain Administrator. To create
– Start  Run  dsa.msc A Domain User and Client window appears. Now you can
create user accounts.
To create a Local User Account

Login as administrator on the client machine or on the member server.
Right click on My Computers.
Select manage.
A System Management window appears.
Open local Users & Groups folder.
Right click on the user folder and select new user (same as groups)
23
To create a Domain User Account
Login as Administrator on the Domain Controller.
Start Programs  Admin Tools  Active Directory Users and Computers
Right click on the user folder
Select new option and select new user.
24
To create Domain User Accounts on Windows 2003 server. The minimum requirement is the
password is must and should be minimum of 7 characters, which includes alphabets, special
characters and numeric numbers).
3 Types of Group scopes are:

1) Domain Local Group 2) Global Group (Default) 3) Universal Group
1) Domain Local Group: Users and groups of the domain can be added as well as users and
groups of the other domains also can be added but resources of the domain only can be
accessed.
2) Global Groups: This is the default group. Users and groups of the domain can only be
added into the Global Group but can access any resources in the entire forest.
3) Universal Group: Users and groups of the domain can be added as well as users and
groups of the other domain can also be added into the Universal Group and also can access
any resources any in the entire forest. The Universal Group is available in Windows 2000 and
Windows 2003 Servers only.
2 Types of Groups
1) Security Group & 2) Distribution Group
1) Security Group: To a security group Permissions can be applied, in such a case certain
mailing services will not function properly.
2) Distribution Group: To a Distribution Group Permissions can be applied, in such a case

all mailing services will function properly.
Permissions
Permissions are of 2 types.
1) Security Permissions & 2) Shared Permissions
 Shared Permissions are the permissions that are applied over the network.
 Security permissions are the permissions that are applied within a local machine.
 Out of both these permissions Security plays major role. The permissions are of 2
‘Allow’ and ‘Deny’. Deny has highest priority rather than ‘Allow’.
 The Default Permissions in Windows 2003 Server is everyone with Read only
permission in both Security and sharing permission.
 The combination of permissions that are applied in both Sharing and Security will take
effect over the network. For example if Read and Write Permission are given in
Security and Read Permission are given sharing then only Read Permission will apply
over the network.
25
The permissions that are present in Sharing are:
Access Deny
Full Control
Change
Read
The permissions that are present in Security are:
Access Deny
Full Control
Modify
List of Contents
Read & Exicute
Read
Write
Assigning shares on FAT & NTFS partition
1. Select a folder
2. Right Click the folder Select “Sharing”
3. Select “ Share this folder “ option
4. Specify a Unique Share Name in the “Share Name” Dialog box
26
Assigning SHARE permissions on FAT & NTFS partition
1. After assigning a share click “Permissions” Button.
2. Click Add.
3. From the list Select the Users/Groups you want to assign Permissions 
Click Add  Click OK
4. In the Permissions window Select each User/Group and assign

permissions
Assigning NTFS permissions to a folder on NTFS partition
1. Right Click a Folder (on NTFS)  Select Properties
2. Select the ‘Security’ Tab
27
3. Deselect the check box at the bottom of the windows “Allow inheritable
permissions from parent to propagate to this object” and select
“Remove”
4. Click Add
5. Select the Users/groups you want to assign permissions  Click Add 

Click OK
6. Highlight the User/Group and assign permissions individually
PROFILES
Profile is nothing but user personal information which consists of Desktop, Start menu,
Application Data, My Documents etc.
By default even an administrator can’t view it on certain profile (Roaming Profile).
There are 3 types of Profiles in Windows 2003
1. Local Profile 2. Roaming Profile 3. Mandatory Profile
1. Local Profile: By default each and every user has a local profile automatically created. A
local profile will be saved on the local Hard disk of the PC. A local profile user can’t carry his
profile where ever he logs in the entire network. A profile will be available on the particular
system itself.
* A Local Profile can be upgraded to Roaming Profile user. A Local Profile can not be
upgraded to Mandatory Profile directly.
28
2. Roaming Profile: A roaming profile user can carry his profile wherever he logs in the
entire network. Because the profile is saved on the server. Whenever the user login on a
particular machine in the network the profile is downloaded from the server.
* A Roaming Profile user can be degraded back to Local Profile user.
* Roaming Profile user can be upgraded to Mandatory Profile user.
3. Mandatory Profile: A mandatory profile user can’t save any information in his profile.
Because this profile has read-only permission.
* A Mandatory Profile user can be converted to Local Profile user.
* A Mandatory Profile user can be converted back to Roaming Profile user.
To convert the user from a Local Profile to Roaming Profile:
Create a shared folder on the Domain Controller (Server)

Set the permissions as user with Full Control (i.e. Shared and Security)
Go to Start  Programs  Administrative Tools  Active Directory Users and Computers
Select the User and right click  Properties. Go to Profile tab and specify the profile path.
\\computer name \share folder name\ user name.
Apply, OK.
Log in as user on the client side to view the profile. Right click on the ‘My Computer’
properties. In the options select Advance and click settings button in the user profile. Displays
the type of profile.
• The profile will be updated only when the user logs off.
To convert Roaming Profile to Mandatory Profile:
Open the shared folder on the Domain Controller (Server)

Right click on the user folder  Properties. In the options select ‘Securities’ click on
‘Advance’ button. Select ‘Owners’ in the list.
Select ‘Administrators Group’
Check the option ‘Replace owners sub contents & objects’.
Apply, OK.
Open a user folder. There is a hidden file called as ‘NT USER.DAT’. Rename it to ‘NT
USER.MAN’.
29
Go back to the shared folder. Right click  Properties. Select the security option. Click on
‘Advance’ button and check the box ‘Allow Inherit permission to all child……….
Click Apply, OK.
Distributed File System (DFS)

DFS brings all the shared folders in the networks which are required to a centralized location
called as the root. Because shared folders are widely distributed across network, administrator
face growing problems as they try to keep users connected to the data they need. The
Distributed file system (Dfs) provides a mechanism for administrators to create logical views
of directories and files, regardless of where those files physically reside in the network. Fault
tolerance of network storage resources is also possible using Dfs.
To a single server in Windows 2000 DFS only one root can exist, but in 2003 DFS on a single
server multiple roots can exists.
For each link in DFS a maximum of 31 targets (backup) can be created.
Backup for the root is called as a ‘root target’. A maximum of 31 root targets can be created.
The root as well as root targets can be created only on the server’s operating system.
Using the Dfs Administrator Tool
This step-by step guide describes how to use the Dfs Administrator snap-in. Installation of the
Dfs service takes place automatically during Windows 2003 Server Setup. How ever, You
must configure Dfs in order for a Dfs share to be accessible to be accessible to clients.
Domain Managing Root Link

Link Root Controller Server Target Target
Move on to the Domain Controller.
To create a Root
1. Click Start  Programs  Administrative tools  Distributed file system
2. Select Distributed file system  Right Click Distributed File System and
select New Root
30
3. On the Dfs Root Wizard Click Next
4. Select the type of Dfs Root you want to create (Domain / Standalone) 
click Next(The Steps are based on Selecting the Domain Based Dfs).
5. Select the Host Domain for the Dfs Root  Click Next
6. Enter the Server Name that will Host the Dfs Root in the Domain  Click Next
7. Specify the Dfs Root Name and Click Next
8. Enter the full path of the Shared Folder that is created  and Click Next
9. Click  Finish
To create Link
2. Right Click On the Existing Dfs Root  Select New Link
3. In “New Link” window Enter the Name of the Link that appears to user
4. In “Path to target(shared folder)” text box give UNC path of the

shared folder that has to be linked to the above link name
5. Enter a comment for the Link
6. Specify the time until which the REFERRAL (Original location) of the link is
cached by the client computer  click OK
31
To create the Root Targets (on DC)
2. Right Click On the Existing Dfs Root  Select New Root Target
3. On the “ Host Server” page, verify that your Server’s name is listed and click
NEXT.
4. On the “Specify the DFS root share” page, click Create a new Share.
5. In the path to Share box, type the path for the shared folder you want to
create. And click NEXT.( A message appears indicating that the folder does not
exist) click Yes to create the folder.
6. In the “share name” box, type the share name you want and then click Finish.
To create a Link Target:
2. Right Click On the Dfs link for which you want to create a new replica, and then
click New Replica
32
3. In the “Add a New Replica” dialog box, Click Browse to select the shared folder
for the new replica and click OK (Note: Each Dfs link can have upto 32 replicas).
Setting up Configure Replication
Steps:
1. Open Distributed File System.
2. Right-click a Dfs root or Dfs link, and then click Configure Replication.
3. A Wizard appires click Next Select the Root path for the root and Link path
for the link Click Next Select the Topology Click Finish.
33
GROUP POLICIES
Group Policies are nothing but allowing / denying policies to the users. There are more than
1000 policies that can be given to a single. These policies are divided in to 1) Computer
configuration and 2) User configuration.
1) Computer Configuration: Though computer configuration the policies are

given to systems. The policies will take effect in computer configuration only
when the PCs are restarted.
2) User Configuration: In user configuration policies are given to users. The
policies take effect only when the user logoff and login again.
To create an Organisational Unit (OU):

Right click on Domain Name and
In the options select New  Organisational Unit. A window appears.
You have to specify the name for OU. Then click OK.
To apply a Group Policy object to Organisational Unit:

Right click on OU select Properties.
In the options select Group Policy
Click the New button to create a new policy
Rename the default name with specific name.
Select the Policy and click Edit button.
The Group Policy edit window appears.
Go to User Configuration and open Administrative Templates folder
Open the Desktop folder (you can select which ever you want to set the policy)
Select a policy on right side of the screen.
Right click and go to Properties
 Not configured  Enable  Disable
Select Enable option and click Apply and OK.
To apply a Group Policy at Domain level:

Right click on Domain name and go to Properties.
In the options select Group Policies
To do the Password policy:

Select the default domain policy and click the Edit button
Group Policy window appears
34
Go to Computer configuration  open Windows Settings  Security settings 
Accounts Policies  Password Policy
Select the policy with the name ‘ Minimum Password length’. Right click and go to
Properties, change the value to ‘0’. Click apply and OK.
Select another policy with the name ‘password must meet the complexity
requirement’.
Right click and go to Properties. Select ‘Disable’ option. Apply. OK.
Start  Run  gpupdate
To give a policy at the Site level:

Start  Programs  Admin Tools  Active Directory Sites and Services
Open Sites folder
Right click on the default 1st site name & go to Properties
Click the New button to create a new policy
Rename the default name with specific name.
Select the Policy and click Edit button.
The Group Policy edit window appears.
Go to User Configuration and open Administrative Templates folder
Open the Desktop folder (you can select which ever you want to set the policy)
Select a policy on right side of the screen.
Right click and go to Properties
 Not configured  Enable  Disable
Select Enable option and click Apply and OK.
Folder Redirection:
Folder Redirection used to redirect a part of the users profile to the server.
To do the folder redirection:

Create a shared folder on the server and set the permissions (Shared & Security).
Start  Programs  Admin Tools  Active Directory Sites and Services
Right click on the OU and go to Properties.
Create a new policy by clicking on new button.
Rename the policy as Folder Redirection (to understand easily)
Select the created policy and click on Edit button.
The Group Policy Edit window appears.
Select User Configuration  Windows Settings  Redirection Folder
(4 options: Application Data, Start Menu, My Documents & Desktop)
Select Desktop folder and go to Properties, a window appears.
Target Settings 2 list items (Basic Redirection-User) and Advance Redirection-
Groups)
Select Basic Redirection
Another dropdown list box appears. Select ‘Redirect to following location’
Specify the path (\\computername\share folder name\ user name) Apply. OK.
Scripts
35
Scripts are used to intimate the users what tasks should be performed at regular intervals.
These scripts can be given not only to users but also to systems.
The scripts that are given to users are – Login & Logoff scripts.
The scripts that are given to computers are – Start up & Shutdown scripts.
To create a script:
Open Notepad and type
Wscript.echo “Welcome to ….”
Save the file as *.vbs (Generally save the file in drives)
Right click on the file and select copy.
Right click on Organisational Unit and go to Properties.
In the options select Group Policy.
Create a new policy and give appropriate name and click on Edit button.
Group Policy edit window appears.
User Configuration  Windows Settings  open Scripts folder
Select Login and go to Properties
Click add button a window appears to open/select the script file.
Click on browse in the open window paste the copied script file.
Ok Apply, OK.
Software Deployment
Software Deployment is used to deploy the software over the network through the server.
Group policy doesn’t support .exe extension software’s over the network. Because if an
application is installed through an exe on a particular system each and every user in the
network access the application. To deploy the software over the network through group policy
the software extensions must be either .zap or .msi (Microsoft Installation). Through group
policy the software’s can be deployed in 2 ways. 1. Publish and 2. Assign. There is also an
additional option called as advanced. Through this option only service packs and patches can
be deployed to already deployed software. Through advanced option new software’s cannot
be deployed.
To convert .exe to .zap:

Create a shared folder on the drive and set the permissions (shared and security).
Past the exe software into shared folder.
Open Notepad and type the following.
[Application]
Friendlyname = “name of the software”
Setupcommand =”\\computername\sharedfoldername\softwarename.exe”
Save the file in the shared folder, with the name .zap
- .zap extension applications supports only publish in Group policy.
Start  Programs  Administrative Tools  Active Directory Users and Computers
In the options select Group policy.
Create New policy by clicking new button and rename with specific name.
Select the policy and click on Edit button.
36
The Group policy edit window appears.
In User Configuration  Software Settings.
Right click on software installation select option ‘New package’
Select the .zap extension file through the network path. Click Ok
3 options will be shown. By default Publish will be selected. Click OK
The entry will be available in the Software Installation file.
Login as user  Control Panel  Add & Remove Programs

Click on Add New Program. Displays the software to install.
Click the Add button to install the software.
To convert .exe to .msi
To convert .exe to .msi is applications a third party tool is required. i.e. ‘winstillle’ (Veritas).
Install the winstillle software on the server machine.

Create a shared folder on the server and set the permissions.
Paste the exe file in the shared folder.
Start  Programs  Varitas software.
Select varitas discover
By default before snapshot. A wizard appears click next
Specify the relevant name to deploy the software.
Specify the path where .msi file should be saved (shared folder) Click Next.
Displays the drives. Select the drive where the Operating System is present. Generally ‘C:’
Click >> button to add the drive to the right side of the box. Click Next.
Displays all files and folders of the drive where it performs the scan. Click Next.
Before the snapshot starts finally gives the confirmation completion of snapshot.
A window appears, Select .exe file and click Open button and install the application.
To perform after snapshot

Start  Programs  Varitas software  varitas discovers Click Next
Select default before/after snapshot.
The after snapshot starts. Click Ok.
Finally gives the confirmation after snapshot.
Now .msi file is available for deploying the software.
--Deployment can be done as .zap
Start  Programs  Administrative Tools  Active Directory Users and Computers
In the options select Group policy.
Create New policy by clicking new button and rename with specific name.
Select the policy and click on Edit button.
The Group policy edit window appears.
In User Configuration  Software Settings.
Right click on software installation select option ‘New package’
Select the .msi extension file through the network path. Click Ok
3 options will be shown.
Select ‘Assign’. Click OK
The entry will be available in the Software Installation file
37
To Change the Shutdown Event:
Start  Run  gpedit.msc
Computer Configuration  Administrative Templates  System
Edit: Display Shutdown Event ……… (On the right side)
Printer
A printer device is an equipment that generates hardcopy from the softcopy. Printer device
has become an essential equipment in the network. There are generally three flowers of
printer devices available in the market they are
DOT Matrix INK-JET LASER

Cost 7000/- 2,200/- 8,000/-
Ribbon 20/- Cartridge 400/- Toner 2,500/-
Print pages 1000 500 3000
Maintenance No Yes Yes
Pages/Min. 3/4 10/12 16/18
Port LPT LPT/USB LPT/USB/IEEE 802.3
There are 2 types of Printer devices.

1. Local Printer Device & 2) Network Printer Device
1. Local Printer Device: These are connected to the PC directly and PC is connected to
the network. That means the local printer devices are system dependent. A local
printer devices are easily portable. These are easy to install and configure. These
printers are connected through two ports of the machine, LPT/USB. The buffer size in
the local printer device is less, around 2 to 8 MB.
2. Network Printer Device: These are directly connected the Hub/Switch. Because
these printer devices have inbuilt NIC card. That means they are system independent.
The network printer devices are very huge in size, and they are difficult in order to
transport. But the performance of these printers is excellent. The network printer
devices are too costly. And they are difficult in installation and configuration. The
buffer size in a Network Printer Device is huge, around 32MB, 64MB, 128MB.
Network printer device installation:

Start  Run  type \\<IP Address> of the system where the printer device is
connected.
It displays all shared resources.
Select printer icon and double the icon the network printer driver gets installed in the
Machine.
Separator Page:
38
The separator page gives an identity that the printout belongs to a particular department. And
all the printer devices doesn’t support separator page, only certain versions of printer devices
supports. By default the separator Pages are available in the following path
C:\Windows\system32\pcl.sep and more.
For each and every printer device only one separator page can be set.
To create new/own separator page:
Open notepad and type the following.

\
\L\U “IT Department”
\E
Save the file with any name .sep in system32 folder.
To set the separator page:
Start  Settings  Printers & faxes

Right click on the printer device and go to Properties.
In the options select Advance.
Click the Separator Page button
Click the browse button.
Select the Separate Page. Click OK, OK. OK
To set the Priority Level:

Start  Settings  Printers & Faxes
Right click on Printer Devices and go to Properties.
Select Advanced and Specify the Priority Level (default is 1)
You can set the priority level from 1 to 99. Apply, OK
For each Printer Device only one Priority Level can be set.
There are three different types of Printouts that can be taken through a Printer Device they are
1) Local Printout
2) Network Printout
3) Internet Printout
1. Local Printout: Local printouts are taken on the printer device to which the system is
connected locally. To take a local printout there is no need of a Network.
BACKUP
Backup is nothing but creating copies for the existing data. This backup varies depending
upon the organisations. Backups can be taken not only on folders and files but even of Active
Directory. The general media that is used and specifically designed for backup is Tape Drives.
In Windows NT 4.0 backups can be taken only on tape drives, where there is no alternatives
39
to take backup. This problem is solved in Windows 2000 and 2003 backups, where backup
can be taken on any media. Eg: CD, HDD, Tape Drive, Pen Drive, Zip Drive etc.
Backups are of 5 types:

1. Normal Backup
2. Copy Backup
3. Incremental Backup
4. Differential Backup
5. Daily Backup
1). Normal Backup: Through Normal Backup it takes each and every file as backup. Even
though the files are already been taken backup takes all files. Once the normal backup is taken
it uncheck the Archive bits for the files. Normal backup is a time consuming backup as well
as restoring also. Generally the normal backups are taken either on the 1st day of the week or
the 1st day of the month.
2). Incremental Backup: Though Incremental Backup it takes newly created files and
modified files only. The incremental backup is generally used by the banking & financial
sector where the accounts closed at the end of the day. These backups are taken every day
separately. Incremental backup is not a time consuming process. Restoring multiple
incremental backup is a time consuming process. Once the incremental backup is taken it
unchecked the Archive bits for the file.
3). Differential Backup: Through differential backups newly created files, modified files and
previous differential backup files are taken. Taking differential backup is a time consuming
process as duration exceeds (day by day). But the restore is done faster. Differential backup is
generally used by general sector where they close their accounts at the end of the month.
Differential backup is used when multiple copies exists in the last backup. Once the
differential backup is taken it doesn’t uncheck the Archive bit.
System State Backup:
System state backup is backup of Active Directory. Taking system state backup is as same as
the previous topics. The difference is restoring in system state backup.
There are 2 types of restores for system state backup.

1) Authoritative 2) Non-authoritative
1) Authoritative: Authoritative restore is done when there is replication between the

domains. The Authoritative restore is used to Update Sequence Number (USN). For
every object create or delete, it updates USN value.
2) Non-authoritative: Non-authoritative restore is done when there is no replication
between the domains.
To restore the system state backup:
Restart the machine and press F8 after the POST (Power On Self Test) operation is over.
A menu appears. In the menu select Directory service Mode (Active Directory restores
Mode).
The Login screen appears.
In the login screen type Administrator as User name and password of Active Directory.
After you have done restore the backup first.
After the backup is restored it prompts whether to restart the machine or not.
40
If you click Yes button indicated that it is a Non-authoritative and by clicking No button
indicates that it is authoritative mode.
After clicking No button, go to command prompt.
Start  Run  type cmd
:ntdsutil
:authoritative restore
:restore subtree cn=username,ou=Organisation Name,dc=Domain Name,dc=com
Asks for the confirmation whether to authoritative or not.
Click Yes button
Finally gives the confirmation, one entry is successfully updated.
OR
To restore entire database for Active Directory
:restore database
Click Yes & restart.
NETWORK ADMINISTRATION
DHCP (Dynamic Host Configuration Protocol)
DHCP server is used to assign dynamic IP address to the client machine (not to servers).
Assigning multiple systems with static IP addresses, the 4 major problems are:
1) IP Conflict
2) Different network IP address
3) Not assigning IP address to a client machine
4) Time
DHCP server is also present in Windows NT 4.0, but the major drawback of security feature
in Windows NT 4.0 DHCP is no authorisation concept. As this concept is used in Windows
2000 and 2003 DHCP server. Only the root administrator can do the authorisation in DHCP
server. Without authorising the DHCP severs it cannot issue the DHCP IP address.
The features of DHCP server are:

1) Scope
2) Super Scope
3) Multicast Scope
4) Reservations
5) Scope & Server options
6) DHCP Backup & Restore
Scope: Scope consists range of IP addresses belonging to a single network. A scope cannot
have multiple network IP addresses. We can have multiple scopes in DHCP servers.
Range: Range is nothing but pool of IP addresses.
Super Scope: Clubbing more than one scope into a super scope such that different network IP
address can be issued.
Multicast Scope: Multicast Scope is used to assign to a range of IP addresses from Class D
networks.
Reservations: Reservations are nothing but assigning dynamically static IP addresses. To do
the Reservations in DHCP we require the clients NIC card’s MAC (Media Access Control)
address.
41
To assign the Reservations.
Start  Programs  Administrative tools  DHCP
Open the scope. Right click on Reservations and select New Reservations.
Specify the name to the Reservations.
Specify an IP address.
Specify the default option. Click Next. (0. both 0. 0. )
Finish.
Scope & Server Options: Specifying the information of the servers present in the network. It
is specified for a particular scope it called as Scope Option. If it should specified to entire
DHCP specify it in the server options.
DHCP Backup & Restore: The configurations that are done to DHCP can be taken as
backup through the DHCP server itself and also it can be restored through the DHCP server
itself.
Right click on the Computer Name (in DHCP). Select Backup option
Requirement of DHCP Server.
1) Standalone Server (DC and Member server)

2) Static IP Address for Server.
To Install DHCP server:

Start  Settings  Control Panel  Add Remove Programs  Add Remove
Components
Scroll down the list select Networking Services and click details and select DHCP.
To authorise DHCP:
Start  Programs  Administrative Tools  DHCP
Right click on the Computer Name and Select Authorise.
Arrow in upward in Red in color is not authorise
Arrow in upward in Green in color is authorise
To configure Scope:
Right click on Computer name and Select Scope.
A wizard appears, Click Next.
Specify a name to Scope and Click Next
Specify a range of IP addresses with a single network, Click Next.
Specify an exclusion range if required, Click Next.
Displays the least period with duration of 8 days, Click Next.
Gives 2 options.
 To Configure scope options Now  To Configure scope options Later
Select the default Click Next.
Specify the Router information if present, Click Next.
Specify the DNS server information, Click Next.
Specify the WINS servers information if required, Click Next.
Displays 2 options.
 Activate Scope Now  Activate Scope Later
42
Select the default Click Next. & Finish
To Configure Super Scope:

Right click on computer name and Select Super Scope.
A Wizard appears, Click Next.
Specify a name to Super Scope, Click Next.
Select the Scopes and Add
Click Next & Finish.
If an Administrator is sitting on client side go to the command prompt and type,

: ipconfig /release
0.0.0.0
: ipconfig /renew
‘ the new dynamic IP address displays.
DNS (Domain Naming System)
Root
ROOT
ISP - DNS
Com Org Net
TOP
LEVEL
DOMAINS
Local - DNS
Yahoo Sify
SECOND LEVEL DOMAINS
User Browser
Mail Chat
SUB DOMAINS
DNS is used to resolve the host name to IP addresses and IP addresses back to host name.
DNS servers has 2 types of zones.
1) Forward Lookup Zone & 2) Reverse Lookup Zone
Forward Lookup Zone: It is used to resolve the host name to IP addresses. There can be
multiple Forward Lookup Zones on a single IP address. Forward Lookup Zone consists of
SOA (Start of Authority), NS (Naming System), Host, Alias etc. (And resource records are
available only on the domain zone)
Service Records: Service records consist of LADP, Kerberos, Global Catalogue,
Domain Name, TCP, UDP etc. (6 folders in 2003). These resource records are
available only for the domain zones.
43
Reverse Lookup Zone: It is used to resolve IP addresses back to host names. There can be
only one Reverse Lookup Zone to the entire network. But it can consist of multiple pointers.
Forward Lookup Zone: There are 3 types of zones in Forward Lookup Zone.
1) Primary Zone 2) Secondary Zone & 3) Stub Zone.
Primary Zone: A Primary Zone is a master copy created in the DNS.

NOTE: Primary Zone can be created either with Active Directory integrator or without Active
Directory integrator.
With Active Directory integrator: If a primary zone is created with Active Directory
integrated the zone file is saved in the Active Directory Data Store. The Administrator cannot
make any modifications to the zone.
Without Active Directory integrator: If a primary zone is created without Active Directory
integrated the zone file is saved in the DNS folder. The Administrator can make the
modifications to the zone file.
Secondary Zone: Secondary Zone is a copy (backup) and is used to copy the Primary zone.
There can be multiple Secondary Zones to a single Primary Zone, but the Secondary Zone
must not exist where Primary zone already exists. Secondary Zone maintains the total
information of the Primary zone.
Stub Zone: Stub Zone is also a copy of Primary zone but Stub Zone maintains only 3 records
information of the Domain zone or 2 records of the other zones. The 3 records are 1) SOA, 2)
NS and 3) Host. Stub Zone is available only in windows 2003 DNS server.
Requirements for DNS server:

1. Standalone server (Domain controller / Member server) It is recommended to install in
Member server for load balancing.
2. Static IP address
3. Windows 2003 Server CD
To Install DNS:
Start  Control Panel Add / Remove Programs  Add/Remove Windows components.
Scroll down the list and Select Networking components.
Select details and Check DNS …OK
(Insert Windows 2003 Server CD, when prompted. - Finish)
To Configure Primary Zone (with Active Directory integrated)

Start  Programs  Administrative Tools  DNS
Right Click on the Forward Lookup Zone and select New Zone. A wizard appears Click Next
3 Options will be displayed.
 Primary Zone  Secondary Zone  Stub Zone
At the bottom  With Active Directory
Select default Click Next.
Specify a Host Name to Zone (eg: ccna.com, mcse.com etc.) Click Next
Specify a name to the Zone Click Next
3 Options will be displayed:
 Don’t dynamic update  Allow dynamic update secure  Allow dynamic update
secure & non-secure
Select default and Click Next & Finish.
If the service records are not viewable in the domain zone:
44
Start  Programs  Administrative Tools  Services (need to restart 2 services)
1) Net logon 2) DNS server service
Now you can find 6 Folders / Service Records
If the Domain Zone is created without Active Directory integrated. (DC system)
Open ‘My Computer’ C (where the OS is existing)  Windows  System32  open
‘Config’ folder.
Select and open ‘netlog.dns’ file in the Notepad. Copy the entire content and close Notepad.
Now (In DNS system)

Open ‘My Computer’ C (where the OS is existing)  Windows  System32  open
‘DNS’ folder select the zone file and open in Notepad and paste the content at the bottom of
the notepad, save & close.
Start  Programs  Administrative Tools  Services (need to restart 2 services)

1) Net logon 2) DNS server service
Creating a Secondary Zone:

Move on to different PC where DNS is installed.
Right Click on the Forward Lookup Zone  Select New Zone.
A wizard appears Click Next.
In the Options select the Secondary Zone, Click Next
Specify the Zone Name. Click Next (Same name)
Specify the IP Address where the Primary Zone exists, click Add button. Click Next & Finish.
Move back to Primary Zone PC.

Right click on zone and go to Properties.
In the options select Zone Transfer and check it. Apply and OK.
To get the Resource Records of the Domain Zone on the Member Server.
First share the ‘Config’ Folder in the DC.
Restart the ‘Net logon’ service on Dc & DNS server service on the Member server.
To Create a new Reverse Lookup Zone

Right Click on Reverse Lookup Zone and Select New Reverse Lookup Zone
A wizard appears, Click Next.
Displays 3 Options: Select Primary Zone (default) Click Next.
Gives 3 Options again, Select 2nd option (default) Click Next
Specify the Network ID (192.168.1) Click Next & Finish.
To Create a Pointer in Reverse Lookup Zone

Right Click on the newly created Reverse Lookup Zone and Select ‘New Pointer’
Specify the Host ID.
Click the browse button to select the zone in the Forward Lookup Zone host file. OK
To find out the out put, type at command prompt - : nslookup 192.168.1.1
45
Six Important Roles of DNS:
1) Disable Recursion 2) Bind Secondary 3) Secure Cache against Pollution

4) Round robin 5) Net mast Ordering 6) Fail on Load if bad zone data.
1) Disable Recursion: If a query is passed on to the DNS server, the DNS server tries to
resolve the query by searching multiple number of times. By default this option is
unchecked. If this option is checked then the DNS server tries to resolve the query
once.
2) Bind Secondary: If a query is passed on to the primary zone, if it is unable to solve it
sends the query to the secondary zone. On certain circumstances if this option is
unchecked, it doesn’t even allow to create a secondary zone. By default this option is
checked.
3) Secure Cache against Pollution: When a website is visited we find multiple link sites
getting opened. By default DNS cache saves all the information where pollution is
created. And also if a website is visited enough it saves the information in C:. After
certain duration the same site is visited again, in such a case the NS makes 2 entries
where pollution is created. To solve this problem check the option.
4) Round robin: When there are multiple web servers with a single host name but
different IP addresses. The DNS server send the query to all the web serves till any
one of the server resolves the query. By default this option is checked. If the option is
unchecked sends the query to the 1st web severs only.
5) Enable Net mask ordering: If a single sever have multiple network adaptors then the
DNS sends the query to the respective NIC card only. Because by default this option is
checked. If this option is unchecked then it functions in Round robin format.
6) Fail on Load if bad zone data: If a zone has multiple records if any one of the record
is bad, it doesn’t stop the functioning of the zone. Because by default this option is
unchecked. If this option is checked if any one of the zone file is bad then it disables
the entire zone itself.
To find out these six roles:

Right Click on the computer Name & go to Properties.
In the options select the advance.
Displays the 6 Roles.
There are 2 types of queries in DNS

1) Recursive Query 2) Interactive Query
Recursive Query: If a client sends a query to DNS it is called as Recursive Query
Interactive Query: If a DNS sends a query to another DNS server is called as Interactive
Query
What is the Integrating DNS and Active Directory
46
An Active Directory-integrated zone can be defined as an improved version of a primary DNS
zone because it can use multi-master replication and the security features of Active Directory.
The zone data of Active Directory-integrated zones are stored in Active Directory. Active
Directory-integrated zones are authoritative primary zones.
A few advantages that Active Directory-integrated zone implementations have over standard
primary zone implementations are:
• Active Directory replication is faster, which means that the time needed to transfer
zone data between zones is far less.
• The Active Directory replication topology is used for Active Directory replication, and
for Active Directory-integrated zone replication. There is no longer a need for DNS
replication when DNS and Active Directory are integrated.
• Active Directory-integrated zones can enjoy the security features of Active Directory.
• The need to manage your Active Directory domains and DNS namespaces as separate
entities is eliminated. This in turn reduces administrative overhead.
• When DNS and Active Directory are integrated; the Active Directory-integrated zones
are replicated, and stored on any new domain controllers automatically.
Synchronization takes place automatically when new domain controllers are deployed.
How to create an Active Directory-integrated zone
1. Click Start, Administrative Tools, and then click DNS to open the DNS console.
2. In the console tree, select the DNS server that you want to create a new DNS zone.
3. From the Action menu, click the New Zone option.
4. On the initial page of the New Zone Wizard, click Next.
5. Select the zone type that you want to create. The options are Primary, to create a new
standard primary zone; Secondary, to create a copy of the primary zone; and Stub, to
create a copy of zone but for only the NS record, SOA record, and the glue A record.
6. Select the default selected option - Primary zone.
7. To integrate the new zone with Active Directory, and if the DNS server is a domain
controller; then you can select the Store the zone in Active Directory (available only if
DNS server is a domain controller) checkbox.
8. Click Next.
9. On the Active Directory Zone Replication Scope page, accept the default setting for
DNS replication: To all domain controllers in the Active Directory domain. Click
Next.
10. Select the Forward lookup zone option on the following page which is displayed by
the New Zone Wizard, and then click Next. 1
11. Enter a zone name for the new zone. Click Next. 1
12. The options that you can select on the following page pertain to dynamic updates. The
Allow only secure dynamic updates (recommended for Active Directory) option is
only available if you are using Active Directory-integrated zones. Click Next. 1
13. Click Finish to add the new zone to your DNS server.
Primary zone: This is the only zone type that can be edited or updated because the
data in the zone is the original source of the data for all domains in the zone. Updates
made to the primary zone are made by the DNS server that is authoritative for the
47
specific primary zone. You can also back up data from a primary zone to a secondary
zone.
Secondary zone: A secondary zone is a read-only copy of the zone that was copied
from the master server during zone transfer.
Active Directory-integrated zone: An Active Directory-integrated zone is a zone that

stores its zone data in Active Directory. DNS zone files are not needed. This type of
zone is an authoritative primary zone. Zone data of an Active Directory-integrated
zone is replicated during the Active Directory replication process. Active Directory-
integrated zones also enjoy the security features of Active Directory.
Stub zone: A stub zone is a new Windows Server 2003 feature. Stub zones only
contain those resource records necessary to identify the authoritative DNS servers for
the master zone.
IIS v 6.0
Kernel Mode: Kernel Mode is a mediator between the user mode and hardware. A kernel
mode is directly interactive with hardware.
IIS v 6.0 is Kernel Mode.
IIS server is user to host Websites and FTP sites generally. IIS server in Windows 2003
comes with version 6.0. Whereas in Windows 200 IIS v. 5.0. Rather in Windows NT 4.0 IIS
by default is 2.0 and if install Service pack 6.0 IIS server is 4.0. IIS v 6.0 works on directly on
Kernel Mode. Where as previous versions work on the User mode. As IIS 6.0 works on
Kernel Mode it is faster to host websites.
Websites can be hosted in a windows 98 operating system also by using PWS (personal web
server). But there are lot of disadvantages compare to IIS v. 6.0 on server. IIS is installed by
default in Windows 2000 server. Whereas in 2003 IIS server is not installed by default. We
call IIS as ISM (Internet Service Manager) in Windows 2003 server. Whereas in Windows
2000 we call as IISM (Internet Information Service Manager).
Websites: We can be hosted on a IIS server by using the default port number 80. Website on
an IIS server can be configured using a different port also. There are a total 65,535 ports out
of that 1023 ports are reserved.
FTP: File Transfer Protocol is specifically used for uploads and downloads. FTP site can be
configured on IIS server with a default port number 21. In Windows 2003 IIS by default the
administrator is allowed to download and denied to upload. The only one user can do both of
them, i.e. the Power User of IIS. He is calls as iuser (Internet). The administrator has to take
permission by himself in order to upload any data through the FTP site.
Once IIS server is configured the DNS server should be configured with zones. IIS is totally
integrated with DNS server.
By default in Window 200 IIS server there are 2 default websites. 1) Default website and 2)
Administrative Website.
Default website consists of help regarding IIS server. Administrative website is not available
in Windows 2003 IIS server.
48
Requirements for IIS server to host:
1. Standalone Sever (Can be installed in Domain Controller, Member Server or Work
Group).
2. Member server is recommended
3. Static IP Address
4. Windows 2003 server CD
5. DNS Server
6. Web content (html files).
To Install IIS Server:

Start  Setting  Control Panel  Add/Remove Programs  Add Remove Windows
Components.
Select the Application services, Click the details button.
Check the IIS. (by default FTP site is not selected).
So select IIS and click on Details again and check the FTP. Then OK – OK – Finish.
Insert Windows 2003 server CD when prompted.
After installation click Finish.
To configure website in IIS server:

Start  Programs  Administrative Tools  IISM
Open websites folder and Right Click.
Select New Website.
A wizard appears Click Next
Specify a name to the website (this name is available only in the IIS server) Click
Next
Specify the server’s IP address. Leave the default port number and specify Host
Header name (eg: www.yahoo.com) Click Next
Specify the path where web contents exist by clicking the Browse button. Click Next
Displays the certain options. Check the Browse option and Click Next and Finish.
Configure DNS with a Zone in the Forward Lookup Zone with same Header name
(newly created site in IIS).
Once the zone is configured with Host and Alias go to the Command Prompt and ping
with the Host header name.
If an error occurs while pinging flush DNS. To flush the DNS type the following
command.
C:>ipconfig \flushdns.
Once the DNS is flushed again ping with the host header name.
To Set the Home Page for the Website:
In IIS server, Right Click on the website which is created, go to Properties.
In the options select Documents. Click the add button and specify the Home Page file
name (eg: index.html). Click OK.
Delete if the default home page specified. Apply, OK.
To configure the Sub Domain for the existing website.
Right Click on the website which is created. Select New Website.
Follow the same steps as for website.
To configure the Sub Domain in DNS server in the Forward Lookup Zone.
Right Click on the Forward Lookup Zone which is created and Select New Domain
Specify the Sub Domain Name only (eg: mail).
Press OK, Sub Domain will be created.
49
Create Host and Alias for the Sub Domain.
Now go to Command Prompt and ping (www.mail.yahoo.com)
1) A maximum of 13 Sub Domains can be created and configured.
www.mail.yahoo.com
www.yahoo.com/ Virtual Directory.
To Create Virtual Directory

Right Click on the website and select New Virtual Directory. Specify a name to the
Virtual Directory (mail). Next follow the same steps as previous.
To Configure FTP site:

Start  Programs  Administrative Tools  IISM.
Open FTP Folder and Right Click and select New FTP site (This name is available
only in the list of IIS server) Click Next
Specify the server’s IP address.
Leave default port (21), Click Next
Displays options:
0) Do not isolate users 0) Isolate Users 0) Isolate users over internet.
Select default, Click Next
Specify the path where the web contents are, by clicking the Browse button. Click
Next
Displays 2 options: 0) Read 0) Write
Check Write option, Click Next & Finish.

Create the following folders..
C:\ Root
MCSE
Administrator
Username
Public
Giving the right to the Administrator to upload the information in to the FTP site:
Right Click on the FTP site which is created.
Go to properties select the 2nd option.
It displays the iuser account.
Change to Administrator by clicking the Browse button. Apply. OK.
Refresh for 1/2 minutes.
We cannot make any changes directly on the FTP site.

To make changes- Download the file makes necessary changes and then uploads.
Software Router
Router is used to establish connectivity between 2 different networks.
192.168.1.1 192.168.2.1
Router
192.168.2.2
192.168.1.2
50
There are 2 types of Routers:
2) Software Router and
3) Hardware Router.
Software Router: A software router is used to establish connectivity between 2 different
networks within a local LAN (preferred).
Hardware Router: A hardware router is used to establish connectivity between 2 different
geographical locations. Eg: WAN.
Differences between a Software Router & Hardware Router:
Sl Hardware Router Software Router
1 A Hardware Router has one task to A Software Router can be used to perform
perform i.e. Routing multiple tasks
2 It can be configured only by It can be configured by any person with a
professional simple knowledge
3 There are fixed series of routers are There are no fixed series in software routers
available in hardware routers
4 It is easily portable It is difficult for portable
5 It is costlier It is cheaper
6 It is required a third party devices No need to use any third party devices for
for connectivity and configuring. software routers.
Eg: Transceiver, DB9
RTL (Routing Table List):

An RTL is present within the router. RTL maintains the information of directly connected
networks to the router and also indirectly connected networks to the router.
NAT (Network Address Translator):
NAT is used to differentiate between private networks (IP address), Such that the public
network cannot access the private network but the private network can access the public
network. The NAT is implemented on the router. NAT is a layer 3 security, but with an option
called as ‘Basic Firewall’ it functions in all the 7 layers.
192.168.1.1 NAT
192.168.2.1
Router
192.168.2.2
192.168.1.2
DHCP Relay Agent:
DHCP Relay Agent is used to assign different network IP addresses dynamically of one
network to another. The DHCP Relay Agent takes the request from the client machine passes
through router and delivers at to the DHCP server present on the other network. Takes the IP
addresses from the DHCP server passes through the router and assign the dynamic IP address
to client.
4) Without configuring the DHCP Relay Agent on the router the DHCP server cannot
assign a dynamic IP address to a different network. Once the DHCP Relay Agent is
configured on the router no need to configure any Super Scope in the DHCP server.
DHCP
192.168.1.1 Relay 192.168.2.1
Agent
(Router)
192.168.2.2
192.168.1.2
51
 The routers information must & should be specified in the scope options for the
server options on the DHCP server.
Requirement for Software Router:

1. Standalone Sever (Can be installed in Domain Controller, Member Server or Work
Group).
2. Member Server is recommended
3. Requires at least 2 NIC cards.
• Each and every interface of the router must & should be configured with a different
network IP addresses.
To install the Software Router:

The software router is by default installed with Operating System.
To Configure the Software Router:

Start  Programs  Administrative Tools  Routing & Remote Access
Right Click on Computer Name & Select ‘Configure & Enable Routing & Remote
Access’
A wizard appears Click Next.
In the options select connectivity between 2 private networks. Click Next.
Displays 2 Options:  Either to configure Dialup  Not to configure Dialup
Select the No option. Click Next & Finish.
To configure NAT in Software Router:

• By default the NAT is installed with the router in Windows 2003 software router with
an option of Basic firewall. If NAT is not installed, then…
Right Click on General Folder and select New Routing protocol.
In the options select NAT/Basic Firewall. Click OK button.
Appears in the list.
To configure the NAT:

Right click on NAT/Basic Firewall and Select New Interface.
In the Interface select an Interface, Click OK
In the options displays: Private & Public.
Select the default option, Click Ok
Again Right Click on the NAT & select New Interface
Select the other Interface, Click OK.
Displays Public & Private.
Select the Public option & check NAT. Click OK. (Can select  Basic format)
To configure DHCP Relay Agent:

• To install the DHCP Relay Agent, on the Router remove NAT from the Router.
Because NAT requires both the interfaces with Static IP addresses.
To Install DHCP Relay Agent:
Start  Programs  Administrative Tools  Routing & Remote Access.
Right click on General & Select New routing Protocol.
In the options select DHCP Relay Agent and Click OK
DHCP Relay Agent appears in the list.
52
To Configure:
Right Click on DHCP Relay Agent and Select New Interface.
In the Interfaces Select an Interface and Click OK button.
Select the default options & OK
Add the other Interface also in the same procedure.
o Right click on the DHCP Relay Agent, go to Properties.
o Specify the DHCP servers IP Address, Click OK.
Remote Access Service (RAS)

RAS is used to establish connectivity between the client and the server remotely, by using the
3rd vendor in the middle (Telephone Department).
• Each and every network is by default an unsecured network. Because in an unsecured
network the data travels in a pure text format over the network. It can be hacked by
any person once the data is over the network.
In RAS concept the client machine uses the Dial-up connection to get connected to the RAS
server. In such case the client PC uses PPP (Point to Point) protocol or PPMP (Point to Point
Multi-link Protocol) to establish connectivity.
PPMP protocol is used when we require huge amount of bandwidth to connect to the RAS
server. It clubs multiple lines such as ISDN, X.25 and Digi (Digital) link to get huge amount
of bandwidth. An unsecured network is also called as a physical connectivity between two
nodes. To connect the unsecured network to a secured network VPN (Virtual Private
Network) connections are used.
• To have a secured network we must and should have an unsecured network first. A
secured network cannot be directly established. A secured network logical
connectivity between 2 nodes to have secured network 2 protocols is utilised. PPTP
(Point to Point Tunnelling Protocol) and L2TP (Layer 2 Tunnelling Protocol).
Initially PPTP was the industrial standard protocol for VPN connection. Later L@TP has
become the industrial standard for VPN connection. By default Microsoft Windows Server
2003 supports PPTP protocol.
A network is called as secured network because data travel in an encrypted format over the
network and will be decrypted only at the destination end.
• By default 2 single unsecured networks (dial-up) a maximum of 5 VPN connections
can be established using PPTP protocol.
Digital Windows Windows

2000 (Prof) VPN 2003 Server Digital
Dial-up PPTP
L2TP
PPP Modem Modem PPPOE
PPMP
Analog MRASP
53
Point to Point Over Ethernet (PPPOE): To have a huge bandwidth over point to point
connection has Ethernet technology a protocol is used on the RAS server is called as PPPOE.
Microsoft Remote Access Service Protocol (MRASP): When there are multiple RAS
servers able to communicate each other then MRASP protocol is used to establish that
connectivity.
Requirement for RAS Server:

1. Standalone Sever (can be installed in Domain Controller, Member Server or Work
Group). Member Server is recommended
2. Static IP Address
3. Modem
4. Telephone Line
5. Telephone Number
To Install RAS Server:

By default RAS server is installed with operating system.
To Configure RAS Server:

Select Configure & Enable Routing and Remote Access.
A wizard appears Click Next
Select the option ‘Remote Access’ (by default it is selected) Click Next
Displays 2 options: VPN & Dial-up; Check ‘Dial-up’ & Click Next
Gives 2 options again:
 Assign IP address through DHCP server Manually …
Select Manual option and Click Next
Specify the range of IP Addresses by clicking Add button; Click Next
Gives 2 options:  To configure Radius Not to configure Radius
Select No Click Next & Finish.
To configure Modem both on Server and Client:

Start  Settings  Control Panel  Phones & Modems
Double click on Phones & Modems, Select Modem in the options. Click Add button.
A wizard appears with check box indicating Manually select the Modem Driver.
Check the option and Click Next.
In the next options select the ‘Communication cable between 2 computers’ Click Next
Select the COM port Click Next & Finish.
To Configure Dial-up Connection: (On the Client Side Only)

Start  Settings  Network Connections. Double click ‘Make new connection’
A Wizard appear, Click Next
In the options select ‘Advanced’ Click Next
2 options appears. In the options select ‘Connect Directly to Another Computer’ Click
Next
Displays 2 options: (Host & Guest), select Guest option, Click Next
Specify the Computer name of the RAS server Click Next
Select the Modem Click Next
2 Options displays: (Everyone & Myself), select any one option Click Next & Finish
54
To Configure the VPN Connection: (On the Client Side Only)
Start  Settings  Network Connections. Double click ‘Make new connection’
A Wizard appear, Click Next
In the options select ‘Connect the network to the Workplace’, Click Next
Select ‘VPN’ option, Click Next
Select the ‘Unsecured network Connection’ option, Click Next
Specify the RAS servers PPP adaptors IP Address, Click Next
2 options appear: (Everyone & only myself) select any one option Click Next & Finish
By default the Administrator himself is denied to use the Dial-up connection. To make his
account Allow access:
Start  Programs  Administrative Tools  Active Directory Users & Computers.
In the users folder, Right Click on the Administrator account, go to Properties. In the options
select ‘Dial in’ and click Allow option. Click Apply & OK. The same applies ever for the user
also.
Terminal Service
Terminal Service is used to deploy the server environment on to the client machine. The
applications that are installed on the server can be accessed from the client machine with
lesser configuration by using Terminal Service. Eg: 3D Max, Maya etc.
Terminal Services are very widely used in the software designing and corporate sectors. One
of the other reasons why Terminal Services are used is to reduce the infrastructure cost.
Terminal Service in Windows NT 4.0 is not integrated with operating system. Where as in
Windows 2000 and Windows 2003 the Terminal Service is integrated. To have Terminal
Service in Windows NT 4.0 a separate edition should purchased called as Windows NT
Terminal Service server. Terminal Service uses a protocol called as RDP (Remote Desktop
Protocol). Windows 2000 Terminal Service has 2 modes: 1) Remote Administrative Mode 2)
Application Service Mode.
1) Remote Administrative Mode: Through Remote Administrative
Mode only Administrator allowed to login. The administrator can’t access any
applications in this mode, but can configure the Terminal service.
2) Application Service Mode: Through Application Service Mode both
users and administrator are allowed to login. Both of them can access any application
on Terminal Service. The administrator can even configure the Terminal Service.
In Windows 2003 Terminal Service are 2 models: 1. Full Security Mode & 2. Relaxed
Security Mode.
1. Full Security Mode: Through Full Security Mode by default only administrators are
allowed to login by giving permissions to users in Terminal Service even the users can
login in this mode. In Full Security Mode certain application will not work properly
and also critical registry options can’t be changed nor modified in this particular
mode.
2. Relaxed Security Mode: Through this mode by default only administrators are allowed
to login by giving permissions to users in Terminal Service even the users can login in
this mode. In this particular mode all applications will work and also critical registry
options can be changed or modified. By default the Terminal Service will be running
on Windows server 2003 in this particular mode.
Terminal Service has 2 important features: 1) Remote Control & 2) Environment.
55
1) Remote Control: Through Remote Control option the administrator can view the users
terminal service session. There are 2 modes in Remote Control option. 1) View Mode
& 2) Interactive Mode. In View Mode the administrator can view the user’s Terminal
Service session. Trough Interactive Mode the Administrator can interact with the use
through this particular mode. There is an option is checked once the Remote Control is
applied to the user’s Terminal Service either to accept or deny. If this option is
unchecked once the Remote Control is applied to a user and no intimation will be sent
to him and forcibly takes the user’s Terminal Session.
2) Environment: Through Environment option only one application can be deployed to
the user when the user in the Terminal Service. If we need to deploy more than one
application, create a .bat file. Open Notepad type the applications that are required on
the other and save it in the drive with some name.
To give these options to a single user:

Start  Programs  Administrative Tools  Active Directory Users & Computers.
Right click on user account and go to properties.
In the options select Remote Control or Environment.
If these options should be given to all the users:

Start  Programs  Administrative Tools  Terminal Service Configuration.
Right click on RDP on the right side of the screen and go to properties.
In the options select Remote Control or Environment.
To give permissions to users to login into Terminal Service:

Start  Programs  Administrative Tools  Terminal Service Configuration
Right click on RDP and go to properties. In the options select Security.
Add the user name and specify the permissions.
In Windows 2000 Terminal Service a user can open multiple Terminal Service sessions. But
in 2003 Terminal Service a user can login / open only one Terminal Service session.
 By default Relaxed Security Mode will be installed with Operating System itself.
But in Windows 200 Terminal Service should be manually selected in Control
Panel.
Requirement for Terminal Service:
1. Standalone Server (Domain Controller or Member Server)

2. Static IP address &
3. Windows 2003 CD.
To install Terminal Service in Full Security Mode:

Start  Settings  Control Panel  Add/Remove Programs  Add/Remove Windows
Components.
Scroll down the list & check Terminal Service, Click Next
The information of Terminal Service window appears, Click Next.
Displays 2 options  Relaxed Mode  Full Security Mode.
Select the Full Security Mode, Click Next
Provide Windows 2003 server CD when prompted. Click Finish & Prompts to Restart.
To share the Terminal Service Client Software (on the server):
56
Open folders “My Computer  C:  Windows  System32  Clients  TSclients 
Win32” folder. Share ‘Win32’ folder.
On client side open the share folder (on Server) and installed the application.
RIS
RIS Service is used to deploy the Operating System from the server to the client system
directly. This service is been introduced in Windows 2000 Server and also available in
Windows 2003 Server. To do this deployment we require either Hardware support or
Software support on the client system. Through RIS we can deploy certain Operating Systems
like Windows 2000(P), Windows 2000(S), Windows XP (P), and Windows 2003(S) but can
not deploy Windows 95, Windows 98, Windows ME, Windows NT 4.0 and Datacenter
Servers of Windows 2000 and 2003 will not work. RIS Services reduces the work load of an
administrator by automatically installing the Operating System from the server to the client.
To install the Operating System we require the installation CD of the Operating System, CD-
Rom on each and every system and also the administrator as to manually answer each and
every question to complete the installation process. Through the RIS Services there is no need
to have CD-Rom on each and every system, no need to have the installation CD of the
Operating System and the administrator job is also less compared to the installation Process.
There are two methods in RIS Service through which we can deploy the Operating
System they are
1. Attended Installation
2. Un Attended Installation
1) Attended Installation: The default processor in RIS is the Attended Installation. Through
this process the administrator has to answer certain question while the installation is going on
like 25 digit product key, organisation name, etc.
2) Un Attended Installation: Through this process the installation is done totally automatic.
No question will be asked while the installation is going on. To do this process the
administrator has to modify the “.sif”.
The hardware requirement on the client system is the PXE (Preboot Execution Environment)
Boot Room. The PXE Boot Rom is available on the client NIC cards. But Windows 2003 RIS
service supports only 10 vendors NIC cards with PXE Boot Rom, in Windows 2000 RIS
service it supports 3 Vendors NIC cards with PXE Boot Rom. If the Hardware is not available
we can use the Software Process. We can use the RIS Bootable CD or Floppy to start the RIS
installation Process.
57
58

MCSE Classes

Enviado por

Dados do documento

Descrição original:

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

MCSE Classes

Enviado por

Direitos autorais:

Formatos disponíveis

WINDOWS 2003 SERVER (MCSE)

Networking is for – sharing resources, security, communication etc.

Basic Requirements of Networking are

1) The two Systems can be any configuration

2) The Operating System’s can be of any Vendor

3) The NIC can be of different vendors.

4) Guided Media: - A physical connectivity between systems is called guided media.

5) The Connectors are cable Dependent.

6) 2 types of IP versions are available.

IP Addresses are classified into 5 classes:

* To identify the IP address which class does it belongs to the first

Class A: 0 – 127 (128)

Total Networks = 126

0 and 127 addresses are reserved.

* 0.0.0.0 is reserved for Global IP Address

Class B: 128-191 (64)

* Non of the values are reserved in class B.

* Non of the values are reserved in class C.

Class D: 224-239 (16)

Class E: 240-255 (16)

* Class E is reserved for Research & Development.

Topology means Layout of network (architecture)

Installation Steps for Windows 2003 Server

Requirements for Active Directory installation.

1. Stand alone server

To Install Active Directory

A wizard appears – click next

Select 1st option & click next

Displays the NetBIOS name – click next

Displays the path for NTDS folder. (C:\windows\NTDS) – Click Next

Select default and click Next

Click the Next button.

Click Next – The installation starts.

Additional Domain Controller (ADC)

Child Domain (CD)

New Domain in the Existing Forest (NDEF)

Roles of Active Directory

1. Domain Naming Operation Master Forest wide Roles

4. RID – Relative Identifier

To view the DNOM

To change the role of DNOM

By default the RID are available on the domains.

To see the three roles (RIDM, PDCI & IM) go to

* Start  Run  ‘net accounts’

To Run Services  service.msc

Forest and Domain Functional Levels

 Domain Functional levels can be raised independently of one another.

Functional Levels are classified into two levels

 Domain Functional Level

Domain Functional Levels:

a) Windows 2000 Mixed Mode:

c) Window 2003 Interim Mode

d) Windows 2003 Mode

To check Functional levels

1. Active Directory Domains & Trusts

 Secure Communication paths that allow security principals in one domain to be

One Way Incoming: Example

Default: Two ways transitive trust Kerberos trusts (Intra-Forest)

Shortcut: One or two way transitive Kerberos trusts (Intra-Forest)

Forest: One or two way transitive Kerberos trust

External: One way Non-Transitive NTLM trusts.

Configuring Cross Forest Trust Relationship

IP Setting in 2 different domains