MCSE
(Microsoft Certified System Engineer)

Number of exams for MCSE: 7

a. Installing, Configuring, and Administering Windows XP Professional [070-270]
b. Managing and Maintaining a Windows Server 2003 Environment [070-290]
c. Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure [070-291]
d. Implementing and Managing Microsoft Exchange Server 2003 [070-284]
e. Planning and Maintaining a Windows Server 2003 Network Infrastructure [070-293]
f. Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory [070-294]
g. Designing a Windows Server 2003 Active Directory and Network Infrastructure [070-297]

The MCSE is a combination of 3 levels:

1. Level 1: MCP (Microsoft Certified Professional)
   Any one exam out of the 7.

2. Level 2: MCSA (Microsoft Certified System Administrator)
   The following exams must be completed:
   Windows XP Professional [070-270]
   Windows Server 2003 [070-290]
   Network Infrastructure (NI) [070-291]
   Exchange Server 2003 [070-284]

3. Level 3: MCSE (Microsoft Certified System Engineer)
   The following exams must be completed in addition to the MCSA:
   Network Infrastructure (NI) [070-293]
   Active Directory (AD) [070-294]
   Active Directory & Network Infrastructure (AD & NI) [070-297]

MCSE Notes by Vicky ATS Infotech Pvt. Ltd.


6th Feb, 2009

Installing, Configuring, and Administering Windows XP Professional [070-270]

1. What is an Operating System?

An operating system (OS) is an interface between the user & the hardware devices. In other words, it is a software program that enables the computer hardware to communicate and operate with the computer software. Without an operating system, a computer would be useless.

There are two types of operating system:

A. Client Operating System
B. Network or Server Operating System

A. Client Operating System:

It is an operating system on which users work, e.g.
Windows Vista
Windows XP
Windows 2000
Windows ME
Windows NT
Windows 98

B. Network or Server Operating System:

It is an operating system which provides different kinds of services to client operating systems, such as DHCP, DNS service, Active Directory service, Web Service, etc., e.g.
Windows Server 2008
Windows Server 2003
Windows 2000 Server
Windows NT Server
Others: Red Hat Enterprise Linux Server, Sun Solaris Server, Novell NetWare server, etc.

--------x--------

Hardware Requirements for Installation of Windows XP Professional

1. CPU (Central Processing Unit)
   233-300 MHz Intel Pentium II or compatible AMD
   Maximum supported CPUs: 2

2. RAM (Random Access Memory)
   Minimum 64 MB
   Maximum 4 GB

3. Hard Disk Space
   1.5 GB to 2 GB + space for the rest of the software & data

Installation Process of Windows XP Professional

1. Standard Installation (Clean Installation)
2. Upgrade
3. Unattended Installation
4. RIS (Remote Installation System)

Steps for Clean or Standard Installation:

1. Start your PC.
2. Enter the BIOS (by pressing F1, F2, F3, DEL, ESC, etc., according to the supplier). The key for entering the BIOS is also shown on the startup screen.
3. Go to Boot & set the Boot Device Priority:
   1st Boot Device: CD-ROM
   2nd Boot Device: HDD (Hard Disk)
   3rd Boot Device: Any
   Save the settings & exit.
4. Insert the XP CD into the CD-ROM drive & restart the computer.
5. Press any key when the "Press any key to boot from CD" prompt appears on screen.
6. Next you'll get the option to Repair or Enter Setup. Press Enter.
7. Press F8 to agree with the license.
8. Setup will scan for a previous Windows installation.
9. Choose the location to install to.
   a) If this is a clean hard drive, you can choose to create a partition in the unpartitioned space. At this point you can allow setup to use all the space or set a size for the partition.
   b) If the partitions are already made, select a partition to install to.
10. Choose the file system from the screen. Press Enter to continue.
11. Setup will show a progress box & reboot when file copying is complete.
12. After restarting, when you see "Press any key to boot from CD", do not press any key.
13. From this point you will follow the screen prompts.
14. Enter your name & organization.
15. Enter the product key.
16. Choose a name for your computer.
17. Choose your time, date & time zone.
18. Setup will scan for a network.
19. If one is detected, you can choose a typical configuration or a custom configuration. Choose typical if you are unsure.
20. Choose your workgroup.
21. Setup will continue & reboot after it finishes; ignore "Press any key to boot from CD".
22. You will see a change in display settings; click Yes to accept the setting.
23. Your XP is installed; follow the few remaining prompts.

Note: The CD can be removed when 18 minutes remain to complete the installation.

Upgrading Windows

Steps for upgrading Windows

1. Insert the Windows XP CD.
2. Browse the CD & run Setup.
3. Click on Install Windows XP.
4. When the window appears, set the installation type to Upgrade.
5. Accept the license & enter the product key.
6. Follow the instructions.

Unattended Installation Process of Windows XP Professional

In this installation we create an answer file which is used while installing the operating system, so there is no need to attend the installation process after running setup.

Steps for unattended installation

1. Insert the XP CD in the drive.
2. Browse the XP CD.
3. Go to SUPPORT → TOOLS → DEPLOY.CAB → Setupmgr.exe (right-click & Extract).
4. Select a location & click Extract again.
5. Go to that location, open setupmgr.exe & click Next.
6. Create new answer file → Windows Unattended Installation → select Windows & version → select Fully automated → click No → I accept → Next.
7. Now fill in the prompts with the required information.
8. You will find two files (unattended.bat & Unattended.txt).
9. Click on unattended.bat (your installation will start).
10. If your installation doesn't start, right-click on unattended.bat & click Edit. Check the file path & run again.

Note:
1. This installation doesn't format the drive.
2. A running operating system is required.
3. This installation is for dual boot, multi-boot, upgrade & repair of Windows.

Boot Files

There are some boot files which are hidden on the C drive.

To view hidden boot files:
Open My Computer → C drive → Tools → Folder Options → View → click Show hidden files → uncheck Hide protected system files → Apply → OK

It will display some more files which are needed in the boot process, such as:
1. NTLDR (New Technology Loader)
2. NTDETECT.COM
3. BOOT.INI (holds the option for choosing between multiple operating systems)
4. CONFIG.SYS
5. IO.SYS (Input & Output)
6. MSDOS.SYS
7. PAGEFILE.SYS

BOOT.INI

It's a Notepad (text) file which holds two pieces of information:
1. Timeout
2. Default operating system to load

You can change the timeout & default OS through Boot.ini.

[My Computer → Properties → Advanced → Settings under Startup & Recovery]

Using Recovery Console (while booting from CD)

If for any reason your computer is not booting up & shows that the NTLDR file is missing, corrupted or compressed, you can copy the NTLDR file from the Recovery Console.

To choose Recovery Console

1. Insert the OS CD in the CD-ROM drive & restart your computer.
2. Press any key to boot from CD.
3. Next you'll get the option to Repair or Enter Setup. Press R to repair using the Recovery Console.
4. Here you will be in DOS mode.
5. After the first question, type 1 and press Enter. Type the administrator password (if available) and hit Enter.
6. Type CD .. (note there must be a space between CD and ..). This will bring you to the main "C" directory.
7. Then type d: to switch to the CD-ROM drive.
8. D:\>dir
9. cd i386

To copy the files
10. copy ntldr c:\
11. copy ntdetect.com c:\

To decompress
12. attrib -C c:\ntldr
13. exit

If your Boot.ini is corrupted, use the following steps in the Recovery Console

1. After the first question, type 1 and press Enter. Type the administrator password (if available) and hit Enter.

2. Type CD .. (note there must be a space between CD and ..). This will bring you to the main "C" directory.

3. Remove the file's hidden, read-only and system attributes:

   C:\>ATTRIB -H C:\BOOT.INI
   C:\>ATTRIB -R C:\BOOT.INI
   C:\>ATTRIB -S C:\BOOT.INI

4. Type DEL BOOT.INI

5. After that, type BOOTCFG /Rebuild

This process may take some time to complete.

Once that is done, type CHKDSK /R /F

This process will again take some time, as it checks the disk status. Note that it can take up to 30 minutes or more on slower machines.

Once the check disk process is complete, finish by typing FIXBOOT and pressing Enter.

You will be given a prompt that reads "Sure you want to write a new boot sector to the partition C: ?"

Simply type Y for yes. Once done, type exit to restart your PC. You will now be able to boot normally into Windows XP.

[Note: If the computer keeps restarting, it could be because of a missing or corrupted Boot.ini file.]
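
The two settings BOOT.INI holds (timeout and default OS) can be read and sanity-checked with a small parser, for example on a copy of the file taken before or after the rebuild above. This is an added example, not part of the original notes; the sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed dual-boot BOOT.INI for illustration (not taken from the notes).
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
'''


def parse_boot_ini(text):
    """Return {section name: [(key, value), ...]}; section names are lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # skip blank lines and ';' comments
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, [])
        elif current is not None:               # data before any header is ignored
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.strip()))
    return sections


def check_boot_ini(text):
    """Return (summary, problems) for the timeout and default-OS settings."""
    sections = parse_boot_ini(text)
    loader = dict(sections.get("boot loader", []))
    systems = sections.get("operating systems", [])
    summary = {"timeout": None, "default": None, "default_label": None}
    problems = []

    if "boot loader" not in sections:
        problems.append("missing [boot loader] section")
    if not systems:
        problems.append("no entries under [operating systems]")

    timeout = loader.get("timeout", "")
    if re.fullmatch(r"-?\d+", timeout):
        summary["timeout"] = int(timeout)
    elif "boot loader" in sections:
        problems.append("timeout is missing or not a number")

    default = loader.get("default")
    if default:
        summary["default"] = default
        # The default must point at one of the listed operating systems.
        for path, value in systems:
            if path.lower() == default.lower():
                label = re.match(r'"([^"]*)"', value)
                summary["default_label"] = label.group(1) if label else value
                break
        else:
            problems.append("default does not match any [operating systems] entry")
    elif "boot loader" in sections:
        problems.append("default is missing")
    return summary, problems


if __name__ == "__main__":
    print(check_boot_ini(SAMPLE_BOOT_INI))
```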

18th Feb. 2009

Sharing & Security Permissions

Sharing a folder: Go to the properties of the folder which you want to share → select Sharing → click on Share Folder → Apply

Note: If this option is not available, go to Control Panel → Administrative Tools → Local Security Policy → Local Policies → Security Options → set "Network access: Sharing and security model" from Guest to Classic → Apply → OK.

Share folder permissions

Go to folder Properties → Sharing → Permissions
There are three types of permissions:
1. Full Control
2. Change
3. Read

Folder security permissions

Go to folder Properties → Security
There are seven types of permissions:
1. Full Control
2. Modify
3. Read & Execute
4. List Folder Contents
5. Read
6. Write
7. Special Permissions (which stay blocked)

| Permission | Meaning for Folders | Meaning for Files |
|---|---|---|
| Read | Permits viewing and listing of files and subfolders | Permits viewing or accessing of the file's contents |
| Write | Permits adding of files and subfolders | Permits writing to a file |
| Read & Execute | Permits viewing and listing of files and subfolders as well as executing of files; inherited by files and folders | Permits viewing and accessing of the file's contents as well as executing of the file |
| List Folder Contents | Permits viewing and listing of files and subfolders as well as executing of files; inherited by folders only | N/A |
| Modify | Permits reading and writing of files and subfolders; allows deletion of the folder | Permits reading and writing of the file; allows deletion of the file |
| Full Control | Permits reading, writing, changing, and deleting of files and subfolders | Permits reading, writing, changing and deleting of the file |

To grant Full Control permission to any user for a shared folder
Go to folder Properties → Sharing → Permissions → click Add → Advanced → Find Now → select any user → OK → select the user → check Allow Full Control → Apply

Note: If no Security page is shown, open My Computer → Tools → Folder Options → View → uncheck the last option (Use simple file sharing)

To access a shared folder from another computer

Start → Run → \\IP → OK
Or click My Network Places → Entire Network → Windows Network → open the domain name or workgroup name → open the computer name → open the shared folder

Note: By default, all drives of a computer are shared. You can access them with the command (\\IP\drive letter with $ sign).
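
The default drive shares mentioned in the note can be listed on a machine with `net share` and told apart from shares that someone created. This added example is not part of the original notes: the sample output and the share names Projects and Payroll$ are constructed, and treating ADMIN$ and IPC$ as default system shares goes beyond what the note states.

```python
import re

# Constructed sample in the layout `net share` prints on Windows XP / Server 2003.
SAMPLE_NET_SHARE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
D$           D:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
Projects     D:\Projects
Payroll$     D:\Payroll                      Finance only
The command completed successfully.
"""


def parse_net_share(output):
    """Return a list of {name, resource, remark} dicts from `net share` output."""
    shares, in_table = [], False
    for line in output.splitlines():
        if line.startswith("---"):          # the dashed rule ends the header
            in_table = True
            continue
        if not in_table or not line.strip() or line.startswith("The command"):
            continue
        fields = re.split(r"\s{2,}", line.strip())
        name, rest = fields[0], fields[1:]
        # IPC$ has no resource path, so only treat a drive path as the resource.
        resource = rest.pop(0) if rest and re.match(r"[A-Za-z]:\\", rest[0]) else ""
        remark = rest[0] if rest else ""
        shares.append({"name": name, "resource": resource, "remark": remark})
    return shares


def classify(name):
    """Sort a share name into one of four categories."""
    upper = name.upper()
    if re.fullmatch(r"[A-Z]\$", upper):
        return "default drive share"        # \\IP\C$, \\IP\D$, ...
    if upper in ("ADMIN$", "IPC$"):
        return "default system share"
    if upper.endswith("$"):
        return "hidden user-created share"  # trailing $ hides it from browsing
    return "visible share"


def audit_shares(output):
    """Group share names by category so unexpected ones stand out."""
    report = {
        "default drive share": [],
        "default system share": [],
        "hidden user-created share": [],
        "visible share": [],
    }
    for share in parse_net_share(output):
        report[classify(share["name"])].append(share["name"])
    return report


if __name__ == "__main__":
    for category, names in audit_shares(SAMPLE_NET_SHARE).items():
        print(f"{category}: {', '.join(names) or '-'}")
```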

19th Feb. 2009

Safe Mode

If your computer is not booting properly or normally, there are some advanced boot options that you can choose to boot your computer, such as:

1. Safe Mode
   Safe Mode boots your computer with the minimum drivers required. In this mode you can disable any device driver, back up your data, etc.

2. Safe Mode with Networking
   Safe Mode with Networking also loads the LAN card driver, so your computer will be on the network.

3. Safe Mode with Command Prompt
   Safe Mode with Command Prompt boots Windows & provides only a command prompt. You can work from the command prompt as far as you are able.

4. Enable Boot Logging
   Enable Boot Logging creates a file which contains boot information & problems.

5. Enable VGA Mode
   It boots Windows with the minimum graphics resolution.

6. Directory Services Restore Mode
   This mode is used when we restore Active Directory on Windows Server.

7. Debugging Mode
   If two computers are connected with a serial cable through the COM port, it will display boot info on the other computer.

System Restore Point

You can create a system restore point when your system is working properly. With this restore point you can undo harmful changes to your operating system. Basically it restores Windows settings & performance without destroying saved documents, emails, history & favorites lists.
Your computer also creates restore points automatically, called checkpoints.

To create a restore point

Start → Programs → Accessories → System Tools → System Restore → select Create a restore point.
You can also undo your restore.

23rd Feb. 2009

Managing and Maintaining a Windows Server 2003 Environment [070-290]

Installing devices using the Add Hardware Wizard

Installing the loopback adapter

The Microsoft Loopback adapter is a testing tool for a virtual network environment where network access is not available. Also, you must use the Loopback adapter if there are conflicts with a network adapter or with a network adapter driver. You can bind network clients, protocols, and other network configuration items to the Loopback adapter, and you can install the network adapter driver or network adapter later while retaining the network configuration information.

Steps to install
Start → Settings → Control Panel → Add Hardware → Add a new hardware device → select Advanced → select Network adapters → select Microsoft Loopback Adapter → Finish

Go to My Network Places → Properties. Here you can see it.

Steps to uninstall
Go to Device Manager → expand Network adapters → right-click on the Loopback Adapter → Uninstall.

Hardware Profile
You can create hardware profiles with different hardware settings. This is mostly useful for laptops. It gives you the option to choose a hardware profile during system startup. You can create many hardware profiles.
[e.g. if you have more than one LAN card, you can enable one LAN card in each profile.]

To create a hardware profile

Go to My Computer → Properties → Hardware → Hardware Profiles → Copy → Name (any) → OK

Printers
There are four types of printers:
1. Local printer
2. Shared printer
3. Network printer
4. Internet printing (Windows Server)

(1) Local Printer: A printer that is directly attached to a computer (on an LPT port, COM port, or USB port) is called a local printer.
Installation: Start → Printers & Faxes → Add Printer → select Local printer → select port → select manufacturer & printer model → printer name (any) → share name → location (physical) (optional) → Finish

(2) Shared Printer: A printer that is attached to another computer & is shared with other computers is called a shared printer.
Installation:
Start → Printers & Faxes → Add Printer → select A network printer → Browse or \\IP of print server\printer name (name or IP) → Finish

(3) Network Printer: A printer that is directly attached to a switch is called a network printer. You have to install a network printer on one computer as a local printer & on the other computers as a shared printer, or you can install it as a local printer on each computer.
Installation:
To install a network printer you have to configure the IP address of the network printer. To configure the printer's IP address there may be a keypad on the network printer, or you can configure your printer through Internet Explorer (just type //IP of printer in IE).
[The IP address of the network printer is given in the printer manual.]

(4) Internet Printing: You can enable Internet printing in Windows Server 2003. You can use your Web browser to connect to shared printers on a print server that is running Microsoft Internet Information Services (IIS). Printing is implemented by way of the Internet Print Protocol (IPP), which is encapsulated in the Hypertext Transfer Protocol (HTTP). By typing the Uniform Resource Locator (URL) of a remote printer in the Address bar of your browser, you can connect to, and print from, the printer in the same way as if it were attached to your own computer.
You can view a Web page on which all printers on a print server are listed, or a page that is specific to the printer to which you want to connect.

To enable Internet printing on the server

Go to Control Panel → Add or Remove Programs → Add/Remove Windows Components → select Application Server → Details → select IIS → Details → check Internet Printing → OK → Finish

Installing an Internet printer on a client computer

Go to Printers & Faxes → Add Printer → Network printer → select Connect to a printer → URL [http://IP of print server/Printers/Printer share name/printer]

Printer Pooling: If you have more than one printer of the same manufacturer & the same model, you can enable printer pooling. If you are pooling printers, make sure that all the printers are kept in the same location, or else you will not be able to find out which printer has printed your document.
Enable Printer Pooling
Go to printer Properties → Ports → check Enable printer pooling → check both printer ports → OK

Priority: If there is a long waiting queue for print jobs & you want to give priority to a user, you can configure printer priority. As soon as the printer finishes the current job, it takes the high-priority print job at the 2nd instance.
Enable Printer Priority
Install the printer twice → go to printer Properties → Advanced → set the priority

Spooling (Simultaneous Peripheral Operations On-Line): the overlapping of low-speed operations with normal processing. Spooling originated with mainframes in order to optimize slow operations such as reading cards and printing. Card input was read onto disk and printer output was stored on disk. In that way, the business data processing was performed at high speed, receiving input from disk and sending output to disk. Subsequently, spooling is used to buffer data for the printer as well as remote batch terminals.

Note: The administrator can also manage Internet printers through Internet Explorer
[http://IP of print Server/printers]

Basic Disk & Dynamic Disks

Basic Disk:
A disk initialized for basic storage is called a basic disk. When we install the operating system, our disk is a basic disk by default. A basic disk contains basic volumes, such as:
1. Primary partitions
2. Extended partitions
3. Logical drives

Primary Partition: The primary partition is the first division of a hard disk drive. The primary partition is often the only one on the disk, and it occupies the entire disk volume. If there are multiple partitions, the primary partition is the one that holds the operating system and has to be made "active" in order to do so. We can make a maximum of 4 primary partitions on a disk.

Extended Partition: If we need more than four partitions, we need to make at least one extended partition. This extended partition is used to make more partitions. The extended partition works as a boundary for logical drives.

Logical Drives: We can create many logical drives inside an extended partition. We can create logical drives up to drive letter Z, and then we can create many mounted drives on any folder or drive.

To create a partition
Go to My Computer → right-click → Manage → Disk Management → right-click on the partition & follow the instructions

Dynamic Disk:
Dynamic storage is supported in Windows XP Professional, Windows 2000 and Windows Server 2003. A disk initialized for dynamic storage is called a dynamic disk. A dynamic disk contains dynamic volumes, such as:
1. Simple volumes
2. Spanned volumes
3. Striped volumes (RAID 0)
4. Mirrored volumes (RAID 1)
5. RAID-5 volumes (striped with parity)

RAID: Redundant Array of Inexpensive/Independent Disks

A basic disk doesn't support the above features. We can convert a basic disk into a dynamic disk at any time without data loss. But to convert a dynamic disk into a basic disk we need to format the whole hard disk, so back up your data before converting.
When we convert a basic disk into a dynamic disk, all primary partitions & logical partitions change to simple volumes & the free space of the extended partition becomes unallocated space. With dynamic storage, you can perform disk and volume management without the need to restart Windows.

1) Simple Volume: It's similar to a primary partition, but you can extend the size of a simple volume without data loss. You can't reduce the size of the volume. If you extend it with space from the same hard disk it remains a simple volume, but if you extend it with space from a different HDD it becomes a spanned volume.

2) Spanned Volume: You can create a single volume containing the space of multiple HDDs. It means you can create a 160 GB volume by using two HDDs of 80 GB.
You can use a minimum of 2 HDDs
and a maximum of 32 HDDs.


3) Striped Volume: You can create a single volume using multiple HDDs. It takes an equal size from every disk and saves data in 64 KB units scattered across all the HDDs. It enhances the volume's read & write performance. It provides no fault tolerance: if any disk crashes, all your data becomes inaccessible.
You can use a minimum of 2 HDDs
and a maximum of 32 HDDs.

4) Mirrored Volume: It takes two hard disks. It saves the same data on both disks, which means it automatically copies data to the second HDD. Here an 80 GB volume will take two HDDs of 80 GB.

It is fault tolerant & its overhead is 50%.

5) RAID 5: It combines the features of the striped volume & the mirrored volume. It also saves data in 64 KB units like a striped volume. It also saves parity (compressed form of data) on another disk. For a 160 GB volume you will require three HDDs of 80 GB each.

It is fault tolerant & its overhead is 33%.

You can use a minimum of 3 HDDs
and a maximum of 32 HDDs.

Note: Dynamic disks are not supported on portable computers or on Windows XP Home Edition-based computers.
Dynamic disks also do not support dual booting & multi-booting.
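
How a RAID-5 volume keeps data readable after one disk is lost, as an added example that is not part of the original notes. Parity here is the byte-wise XOR of the data stripe units in each row, the rotation order of the parity disk is an assumption, and `usable_gb` reproduces the capacity figures and disk limits given above.

```python
from functools import reduce

STRIPE = 64 * 1024  # 64 KB stripe unit, the size the notes give

# Minimum and maximum disk counts per volume type, as listed in the notes.
LIMITS = {"spanned": (2, 32), "striped": (2, 32), "mirrored": (2, 2), "raid5": (3, 32)}


def usable_gb(kind, disk_gb, n_disks):
    """Usable volume size when every disk contributes disk_gb."""
    low, high = LIMITS[kind]
    if not low <= n_disks <= high:
        raise ValueError(f"{kind} volume takes {low} to {high} disks")
    if kind == "mirrored":
        return disk_gb                    # second disk is a full copy (50% overhead)
    if kind == "raid5":
        return disk_gb * (n_disks - 1)    # one disk's worth of space holds parity
    return disk_gb * n_disks


def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def parity_disk_for(row, n_disks):
    # Assumed rotation order; the notes only say parity is kept on another disk.
    return (n_disks - 1 - row) % n_disks


def write_raid5(data, n_disks, stripe=STRIPE):
    """Lay data out in stripe units across n_disks with one parity unit per row."""
    low, high = LIMITS["raid5"]
    if not low <= n_disks <= high:
        raise ValueError("a RAID-5 volume takes 3 to 32 disks")
    units = [data[i:i + stripe].ljust(stripe, b"\0")
             for i in range(0, len(data), stripe)]
    per_row = n_disks - 1
    while len(units) % per_row:           # pad the last row with empty units
        units.append(bytes(stripe))
    disks = [[] for _ in range(n_disks)]
    for row in range(len(units) // per_row):
        row_units = units[row * per_row:(row + 1) * per_row]
        data_iter = iter(row_units)
        p = parity_disk_for(row, n_disks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(row_units) if d == p else next(data_iter))
    return disks


def read_raid5(disks, length, failed=None):
    """Read the volume back; a failed disk is rebuilt from the surviving ones."""
    n = len(disks)
    alive = next(d for d in range(n) if d != failed)
    out = bytearray()
    for row in range(len(disks[alive])):
        p = parity_disk_for(row, n)
        for d in range(n):
            if d == p:
                continue                  # parity units carry no user data
            if d == failed:
                # XOR of every surviving unit in the row yields the missing one.
                out += xor_blocks([disks[o][row] for o in range(n) if o != failed])
            else:
                out += disks[d][row]
    return bytes(out[:length])


if __name__ == "__main__":
    payload = bytes(range(256)) * 1000    # constructed test data
    volume = write_raid5(payload, 3)
    volume[1] = None                      # simulate losing the second disk
    print(read_raid5(volume, len(payload), failed=1) == payload)
```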

2nd March, 2009

Local Users & Groups

When we install the operating system, it creates two local user accounts:
a. Admin
b. Guest

By default the Guest account remains disabled.

There are two more users:
a. IUSR
b. IWAM

These are called Internet guest a/cs.

We create a user a/c so that a user can log in to a computer & work on it.
The Administrator a/c is called a built-in a/c; it has full access to the computer & can perform any task.

There are some built-in groups which have special authority on the computer, such as:
1. Administrators group
2. Backup Operators
3. Guests
4. Network Configuration Operators
5. Performance Log Users
6. Performance Monitor Users
7. Power Users
8. Print Operators
9. Remote Desktop Users
10. Replicator
11. Users
12. IIS_WPG
13. Terminal Server Computer

We create a group to give similar authorities to a set of users.

We can create a user through:

1. My Computer → Manage
2. Command Prompt
3. Control Panel

To create a user a/c

1. Go to My Computer → right-click on it → Manage → Local Users & Groups → Users → right-click → New User → type the user name & password → confirm the password → Create
2. Go to Run → net user username password /add (for a limited a/c)
3. Go to Control Panel → User Accounts → Create a new a/c

To create a group of users in one shot: create a Notepad file & type the commands (type net user name password /add for each user) to create as many users as you want, save the file with a .bat extension & run it.

Creating a group
Go to My Computer → Manage → Local Users & Groups → right-click → New Group → give a name & password → Apply

Adding a user to a group

Go to My Computer → Manage → Local Users & Groups → Groups → right-click on the group → Properties → Add → Advanced → Find Now → select users → OK → Apply
[Press Ctrl to select more than one user]

To reset a password
Go to My Computer → Manage → Users → right-click on the user → Set Password
Or
Run → CMD → net user username * & press Enter
Type the password (it should be complex & at least seven characters long)

To enable or disable an a/c

Go to Manage → Local Users & Groups → right-click on the user a/c → Properties → check or uncheck to disable or enable the a/c respectively.

[Note: If you have disabled the Administrator a/c & logged off & there is no other administrator a/c, restart your computer, go into Safe Mode with Command Prompt & then type net user administrator password /active:yes]

4th March, 2009

Workgroup
A workgroup is a group of computers on a LAN. In a workgroup each computer is a standalone computer which has its own separate local user a/cs & groups.
They can share resources & peripherals with each other.
In a network a computer will be either in a workgroup or joined to a domain.

Domain
A domain is a group of users & computers defined by the administrator with common rules & procedures.
A domain has a DNS (Domain Name System) name such as:
Microsoft.com
Google.com
Vikas.com

When a computer joins a domain it keeps its own local users & groups, and it can also log on to the domain.

Domain Controller
It is a computer with Windows Server 2003 installed on which the Active Directory service is installed. The domain controller is used to manage domain objects such as users & computers centrally.

Active Directory
It is a directory service which is installed to configure Windows Server 2003 as a domain controller. It also defines the domain's DNS name. It holds information on all domain objects like users & computers.

To create a domain
1. Install Windows Server 2003 on a computer.
2. Install the Active Directory service on Windows Server 2003.
3. Create all user a/cs in Active Directory.
4. Join all client computers to the domain.
5. Windows Server 2003 Active Directory doesn't support Windows 95 & Windows NT 4.0 Service Pack 3 or earlier.

To install the Active Directory service

Go to Start → Run → type dcpromo & press OK & follow the wizard

Requirements:
A) Windows Server 2003 must be installed.
B) The LAN card device & driver must be installed.
C) An IP address must be configured.
D) The LAN card must be connected to a switch & must be activated.

To uninstall the Active Directory service

Same command as for installing it.
Go to Start → Run → type dcpromo or dcpromo /forceremoval & press OK & follow the wizard

5th March, 2009

Creating a domain user a/c in AD (Active Directory)
Go to Start → Programs → Administrative Tools → Active Directory Users & Computers → expand the domain name → select Users & right-click → select New User → type the first name → type the user logon name → type a strong password → Finish
Or
Start → Run → type dsa.msc → expand the domain name → select Users & right-click → select New User → type the first name → type the user logon name → type a strong password → Finish

Joining a client computer to a domain

From the client computer, or pick the client computer remotely:
Go to My Computer → Properties → Computer Name → Change → select Domain → in the name field type the domain NetBIOS name in capitals → press OK → type the domain controller admin password.

[To view the computers joined to the domain, go to Active Directory Users & Computers & click on Computers]

Logging in to a domain
There are two ways to log in to a domain:
A) By NetBIOS name
B) By domain DNS name

By NetBIOS name, you need to type just the NetBIOS name & password

e.g. User Name: VIKAS (NetBIOS name)
     Password : *******

By domain DNS name, you need to type the user name together with the domain name, & the password

e.g. User Name: Vikas@abc.com (Vikas: DNS name & abc.com: domain name)
     Password : *******

Adding a domain user as a local administrator

From the client computer, or pick the client computer remotely:
Log in as local administrator → go to Control Panel → User a/cs → Add → type the user name (same as the domain user name) → select the domain name → Next → select Administrators in the option Other → Finish

Configuring domain user properties

Go to Active Directory Users & Computers → Users → right-click on the user → Properties → Account → Logon Hours → set the login hours & days (the user can log in only during the selected hours & on the selected days)
Or
Log On To → select client computers to log in to (the user can log in only on the selected client computers)

To Send a Message to Another Computer
Start the Alerter service & the Messenger service on each computer you want to send messages to.
To start these services:

Go to Control Panel → Administrative Tools → Services → open Alerter → set Startup type to Automatic → click the Start button → OK (similarly enable the Messenger service)
Or
Go to Run → type Services.msc → open Alerter → set Startup type to Automatic → click the Start button → OK (similarly enable the Messenger service)

When both services (Alerter & Messenger) are enabled

Go to Run → type net send * Hello (your message)

Note: The * sign in net send * Hello (your message) sends your message to all computers at once. If you want to send your message to only one PC, use the IP address or computer name instead of *.

6th March, 2009

Creating a Domain Group
Go to Active Directory Users & Computers → expand the domain name → right-click on Users → New → Group → type the group name → OK

Adding users to a group

Go to Active Directory Users & Computers → select a group → Properties → Members → Add → Advanced → Find Now → select users → OK → Apply

To assign a permission to a group for a folder

Go to folder Properties → Sharing → Permissions → Add → Advanced → Find Now → select the group → OK → Apply

Password Policy
Go to Start → Programs → Administrative Tools → Domain Controller Security Policy → open Account Policies → open Password Policy. You will find six password policies:

1. Minimum Password Length: This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0.

   Default: 7 on domain controllers
            0 on stand-alone servers

2. Password Must Meet Complexity Requirements: If this policy is enabled, passwords must meet the following minimum requirements when they are changed or created:
   1. The password should not contain significant portions of the user's account name or full name.
   2. The password should be at least six characters in length.
   3. The password should contain characters from three of the following four categories:
      a) English uppercase characters (A through Z)
      b) English lowercase characters (a through z)
      c) Base 10 digits (0 through 9)
      d) Non-alphabetic characters (for example, !, $, #, %)

   Default: Enabled on domain controllers
            Disabled on stand-alone servers

3. Minimum Password Age: This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0.

   Default: 1 on domain controllers
            0 on stand-alone servers
   [Note: Configure the minimum password age to be more than 0 if you want Enforce Password History to be effective]

4. Maximum Password Age: This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If the maximum password age is between 1 and 999 days, the minimum password age must be less than the maximum password age. If the maximum password age is set to 0, the minimum password age can be any value between 0 and 998 days.

   Default: 42 days

5. Enforce Password History: This security setting determines that the number of new Passwords must be
given to a user before the old password can be reused. The value must be between 0 to 24
Passwords.

Default: 24 on Domain Controller


0 on stand-alone Server

6. Store Password Using Reversible Encryption: This security setting determines that the whether
Operating System stores the Password in reversible encryption or not.

If you will enable this security then it will like just like saving your password in plain text, so make sure
that, this password security must be set to disabled.

Default: Disabled
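The password settings above interact with each other, so the following added example (not part of the original notes) audits a policy against the stated ranges and simulates why Enforce Password History has no effect while the minimum password age is 0. Class and function names are this example's own, the defaults are the domain controller defaults listed above, and only the length and character-category parts of the complexity rule are modelled.

```python
import string
from dataclasses import dataclass


@dataclass
class PasswordPolicy:
    """Settings from the notes; defaults are the domain controller defaults."""
    complexity_enabled: bool = True
    min_age_days: int = 1            # 0 = change allowed immediately
    max_age_days: int = 42           # 0 = password never expires
    history_count: int = 24          # 0 = no history kept
    reversible_encryption: bool = False


def meets_complexity(password):
    """At least six characters, from at least three of the four categories."""
    categories = (
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(not c.isalnum() for c in password),   # for example !, $, #, %
    )
    return len(password) >= 6 and sum(categories) >= 3


def audit_policy(p):
    """Return a list of findings; an empty list means the policy is consistent."""
    findings = []
    if not 0 <= p.min_age_days <= 998:
        findings.append("min age out of range (0-998)")
    if not 0 <= p.max_age_days <= 999:
        findings.append("max age out of range (0-999)")
    if not 0 <= p.history_count <= 24:
        findings.append("history out of range (0-24)")
    if p.max_age_days != 0 and p.min_age_days >= p.max_age_days:
        findings.append("min age must be less than max age")
    if p.history_count > 0 and p.min_age_days == 0:
        findings.append("history ineffective: min age is 0")
    if p.reversible_encryption:
        findings.append("reversible encryption enabled")
    if not p.complexity_enabled:
        findings.append("complexity disabled")
    return findings


class Account:
    """Constructed model of one account; a real system remembers hashes."""

    def __init__(self, policy, password):
        self.policy = policy
        self.recent = [password]     # passwords used so far, newest last
        self.changed_on = 0          # day of the last successful change

    def change(self, new_password, day):
        p = self.policy
        if day - self.changed_on < p.min_age_days:
            return False             # minimum password age not reached
        if p.complexity_enabled and not meets_complexity(new_password):
            return False
        remembered = self.recent[-p.history_count:] if p.history_count else []
        if new_password in remembered:
            return False             # still inside the enforced history
        self.recent.append(new_password)
        self.changed_on = day
        return True


def days_until_reuse(policy, original="Spring#2009"):
    """Days a user needs to get back to the original password by cycling
    throwaway passwords as fast as the policy allows."""
    account = Account(policy, original)
    day, n = 0, 0
    while True:
        if account.change(original, day):
            return day
        n += 1
        if not account.change("Throwaway%d!" % n, day):
            day += 1                 # blocked by minimum age: wait a day


if __name__ == "__main__":
    for min_age in (1, 0):
        policy = PasswordPolicy(min_age_days=min_age)
        print(min_age, audit_policy(policy), days_until_reuse(policy))
```

With a minimum age of 0 the 24 remembered passwords can be cycled on the same day, which is the situation the note under Minimum Password Age is written to prevent.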

9th March, 2009

Offline File
If your network connection is not stable or network connection is not available at the time then you can make
network files available offline by storing shared files or folder on your computer so that they are accessible
when you are not connected to the network. If you do this, you can work with the files in the same way as you
work with them when you are connected to the network. When you reconnect to the network, changes that
you made to the files are updated to the network.

To Make Files & Folders Available Offline

On Server
Go to Share Folder → Properties → Sharing → Offline Setting → Enable → Apply → Ok

Configure Client Computer to Use Offline Files

On Client Computer or Win XP Pro
Go to My Computer → Tools → Folder Option → Offline Files → Enable → Apply → Ok
Or
Go to Control Panel → Folder Option → Offline Files → Enable → Apply → Ok

Home Folder
A home folder makes it easier for an administrator to back up users' files & manage user accounts by collecting the
users' files in one location. If you assign a home folder to a user, you can store the user's data in a central location
on a server, which makes backup & recovery of data easier & more reliable.

One more advantage of a home folder is that wherever the user logs in, the user is able to access his Home
folder (his saved files etc.), which is assigned by the Server Administrator.

To Assign Home Folder

First of all make a share folder, then
Go to Start → Run → dsa.msc → Users → Click on User → Properties → Profile → Connect → Select Drive letter → In the "To"
box type [\\IP or name of Server\folder share name] → Apply → Ok.

12th March, 2009

User Profiles
User profile is used to save users settings & preferences & to provide a user with a default location or folder
to save documents & personal files. Profile can be at local computer or network location both. User profile can
also be changed by the user or locked by the administrator. Profiles can be redirected to a network share and
accessed by the user from any computer in the network.

There are three types of User Profile:

1. Local User Profile 2. Roaming User Profile 3. Mandatory User Profile

Local User Profile is located in the Documents & Settings folder on the local computer. When a user
logs on to the local computer for the 1st time, a subfolder matching their username is created under the
Documents & Settings folder, which is located in the Windows drive (C drive). In this subfolder the user's profile
& a hidden system file (ntuser.dat) are also created.

When a user logs on to the computer, the ntuser.dat file is loaded, this contains the users preferences &
settings. Any changes to the user setting or preferences are saved back to the ntuser.dat file when the user
logs off the computer.

Roaming User Profile can be created when a user accesses more than one PC or moves around the network, to
ensure that the user receives his or her settings & preferences no matter where they log on. This user
profile is created by the administrator in Active Directory by using the Profile tab in the user's properties.

When a user logs on using a Roaming Profile, a local profile also remains on the local machine; if the
network is unavailable the next time the user logs on from that PC, the locally cached profile will be
loaded. Changes to the local profile will not be saved back to the Roaming profile.

Note: When a user logs on, the user's profile is taken from the network, which creates network traffic & a long
logon time if the user saves large files to the desktop or to the My Documents folder.

Steps to Create Roaming User Profile:

Sit On Server
1. Create a share folder in any drive in any PC.
2. Open Active Directory Users & Computers
3. Select user to create roaming profile & Go to its Properties
4. In User Properties click on Profile tab.
5. Type Profile Path [\\IP of the share folder PC\Folder share name\%Username%]

Mandatory User Profile is used when the administrator wants no changes to be made to users' settings & preferences by any
user. This is a fixed profile which cannot be modified or changed; if the user still makes changes to
his/her profile, all the changes will be lost when the user logs off, and the next time the user logs in
all settings will be reset to the mandatory user profile.

To make Mandatory user profile

Go to user profile → Right click on ntuser.dat file → Rename the file to ntuser.man

Note: The ntuser.dat file is a hidden system file by default. To see it, go to Folder Option → View → uncheck "Hide protected
operating system files".

16th March, 2009

Terminal Services
Terminal Service is used to provide a server on which multiple users can run an application.
We install an application on the server & after configuring this application in Terminal Service, users can run
it through Remote Desktop (Terminal Service). We can provide one application per LAN Card.
Microsoft provides a separate client access license for Terminal Server.

Note: To make more than one application available in Terminal Service, we'll need one LAN Card for each application.

There are three steps to use this Service:

1. Installing Terminal Server

Go to Control Panel → Add Remove Programs → Add Remove Windows Component → Check
Terminal Server → Check Terminal Server Licensing → Yes → follow the wizard → Finish.

2. Assigning an Application to Terminal Server

Start → Programs → Administrative Tools → Terminal Service Configuration → Connections → Click on
RDP-TCP → Properties → Environment → Check override → Copy & Paste Program Path → Apply → OK
Or
Start → Run → tscc.msc → Connections → Click on RDP-TCP → Properties → Environment → Check override →
Copy & Paste Program Path → Apply → OK

3. Assigning Permission to user to use Remote Desktop

Open Active Directory Users & Computer → Built-in → Click on Remote Desktop Users → Properties →
Members → Add → Advance → Find Now → Select Users → Ok

To create a new connection in Terminal Service:

Start → Run → tscc.msc → Right click on Connection → Create New Connection → Next → Type any Name → Select a
Network Adapter → Finish

[Note: Install Terminal Service first, then install the application that you want to configure in Terminal Service]

Disk Quota
Disk Quota is often used by the administrator to ensure that available disk Space is reasonably distributed
among the users. Normally administrator has the ability to assign Disk Quotas.

To enable it
Go to Any Drive (in which you want to set Quota) → Properties → Check Enable quota management → Check
Deny disk space to users exceeding quota limit → Check Limit disk space to & Set limits → Apply → Ok

Quota Entries
Go to Any Drive (in which you want to set Quota) → Properties → Quota → Quota Entry → Click on Quota → New
Quota Entry → Advance → Find Now → Select Users → Ok → Set Limit → Ok → Apply → Ok

Note: Disk Quota can be enabled only on the NTFS file system.

To convert a FAT file system to NTFS [Run → CMD → Type convert <Drive Letter> /fs:ntfs]
For Exp: [C:\>convert E: /fs:ntfs]

8th March, 2009

Web Server
A Web Server is a computer that delivers web pages. Every web server has an IP address & possibly a domain
name. For example, if you enter the URL http://www.vikas.com/index.html in your browser, this sends a
request to the server whose domain name is vikas.com. The server then fetches
the page named index.html and sends it to your browser.
(Note: In the above URL we can use an IP address as well as a domain name.)

You can run many web sites with different IP addresses or different port numbers.
By default a Web Server uses the HTTP protocol on port no. 80/tcp.

To configure Web Server:

1. Create a Web Page.

2. Install Internet Information Service (IIS)

Go to Control Panel → Add Remove Programs → Add Remove Windows Component → Select
Application Server → Details → Check IIS → Ok → Next up to Finish.

3. Configure one more IP in Same Net Adapter

Right click My Network Places → Properties → Go to TCP/IP Settings → Properties → Advanced → Add →
Type IP & Subnet → Ok → Close.

4. Create a new Web Site in Server

Start → Programs → Admin tools → IIS Manager → Right Click Web Site → New Web Site → Type Any
Description → Select IP → Browse for Your Web Folder → Select Web Folder → Finish.

Right click your new web site → Properties → Documents → Add → Type your html file name → Ok →
Move up → Apply → Ok.

Now your Web site is ready

From your client computer Open Internet Explorer & Browse: http://IP or http://Domain name

[Note: to see port numbers with protocols, go to C:\windows\system32\drivers\etc & open this file with Notepad]

19th March, 2009

FTP Server
We use an FTP Server to download & upload files in a LAN or WAN. It uses FTP (File Transfer
Protocol).

Installing FTP Service

Start → Control Panel → Add Remove Programs → Add Remove Windows Component → Application
Server → Details → IIS → Details → Check FTP Service.

Configuring FTP Service

Create a folder in any drive → Set Permission → Start → Admin tools → IIS Manager → Right Click FTP
Sites → New FTP site → Type Any Description → Select IP → Browse the folder that you created → Select
read & write → Finish.

From your client computer Open Internet Explorer & Browse: ftp://IP or http://Domain name

23rd March, 2009

Backup
Backup refers to making copies of data so that these additional copies may be used to restore the original
after a data loss event. These additional copies are typically called "backups." Backups are useful primarily for
two purposes. The first is to restore a state following a disaster (called disaster recovery). The second is to
restore small numbers of files after they have been accidentally deleted or corrupted.

Backup Types
There are five different types of backups and each type of backup handle data in slightly different way.
1. Normal
2. Incremental
3. Differential
4. Copy
5. Daily

Normal backup copies all the files you select and marks each file as having been backed up (in other words,
the archive attribute is cleared). With normal backups, you only need the most recent copy of the backup file
to restore all of the files. You usually perform a normal backup the first time you create a backup set.

Incremental backup backs up only those files that have been created or changed since the last normal or
incremental backup. It marks files as having been backed up (in other words, the archive attribute is cleared).
If you use a combination of normal and incremental backups, you will need to have the last normal backup set
as well as all incremental backup sets to restore your data.

Backing up your data using a combination of normal backups and incremental backups requires the least
amount of storage space and is the quickest backup method. However, recovering files can be time-consuming
and difficult because the backup set might be stored on several disks.

Differential backup copies files that have been created or changed since the last normal or incremental
backup. It does not mark files as having been backed up (in other words, the archive attribute is not cleared).
If you are performing a combination of normal and differential backups, restoring files and folders requires
that you have the last normal as well as the last differential backup.

Backing up your data using a combination of normal backups and differential backups is more
time-consuming, especially if your data changes frequently, but it is easier to restore the data because the backup
set is usually stored on only a few disks.

Copy backup copies all the files you select, but does not mark each file as having been backed up (in other
words, the archive attribute is not cleared). Copying is useful if you want to back up files between normal and
incremental backups because copying does not affect these other backup operations.

Daily backup copies all the files that you select that have been modified on the day the daily backup is
performed. The backed-up files are not marked as having been backed up (in other words, the archive
attribute is not cleared).
(Note: Normal & Incremental backups clear the Archive attribute after backup, whereas Differential, Copy & Daily backups don't clear it.)

To Backup Data
Start → Run → ntbackup → Select Backup files & Setting → Select Let me choose what to backup → Select File
or Folder → Select name & location to Save Backup → Click Advance to choose Backup Type → Select schedule
if you want → Finish
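The five backup types differ only in which files they select and whether they clear the archive attribute. The following added example (not part of the original notes) models that rule on a constructed set of files and works out which backup sets a restore needs. The file names, the change schedule and all function names are made up for the illustration.

```python
class Volume:
    """Files with an archive attribute (constructed model)."""

    def __init__(self, names):
        self.archive = {n: True for n in names}      # new files start with the bit set
        self.modified_on = {n: 0 for n in names}     # day of the last write

    def write(self, name, day):
        self.archive[name] = True                    # any change sets the attribute
        self.modified_on[name] = day

    def backup(self, kind, day):
        if kind in ("normal", "copy"):
            selected = list(self.archive)
        elif kind in ("incremental", "differential"):
            selected = [n for n, bit in self.archive.items() if bit]
        elif kind == "daily":
            selected = [n for n, d in self.modified_on.items() if d == day]
        else:
            raise ValueError("unknown backup type: " + kind)
        if kind in ("normal", "incremental"):        # only these clear the attribute
            for n in selected:
                self.archive[n] = False
        # each backup set records the version (day written) of every file it holds
        return {"kind": kind, "day": day,
                "files": {n: self.modified_on[n] for n in selected}}


def sets_needed_for_restore(catalog):
    """Last normal set, every incremental after it, and the last differential
    if no incremental was taken after that differential."""
    last_normal = max(i for i, s in enumerate(catalog) if s["kind"] == "normal")
    needed = [catalog[last_normal]]
    trailing_differential = None
    for s in catalog[last_normal + 1:]:
        if s["kind"] == "incremental":
            needed.append(s)
            trailing_differential = None
        elif s["kind"] == "differential":
            trailing_differential = s
    if trailing_differential:
        needed.append(trailing_differential)
    return needed


def restore(sets):
    """Replay the sets oldest first; later copies overwrite earlier ones."""
    state = {}
    for s in sets:
        state.update(s["files"])
    return state


# Constructed schedule: day -> files written on that day
CHANGES = {1: ["a.doc"], 2: ["b.xls"], 3: ["a.doc", "c.txt"]}


def run_week(nightly):
    """Normal backup on day 0, then the given backup type every night."""
    vol = Volume(["a.doc", "b.xls", "c.txt", "d.ppt"])
    catalog = [vol.backup("normal", 0)]
    for day in sorted(CHANGES):
        for name in CHANGES[day]:
            vol.write(name, day)
        catalog.append(vol.backup(nightly, day))
    return vol, catalog


if __name__ == "__main__":
    for nightly in ("incremental", "differential"):
        vol, catalog = run_week(nightly)
        needed = sets_needed_for_restore(catalog)
        print(nightly, [sorted(s["files"]) for s in catalog[1:]],
              "restore needs days", [s["day"] for s in needed])
```

The incremental week stores fewer files each night but needs four sets to restore, while the differential week stores more each night and needs only two.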

23rd March, 2009
Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure [070-291]

TCP/IP Overview
TCP/IP is a protocol suite. Nowadays the Internet uses the TCP/IP protocol suite.
Other protocol suites also exist, such as:
1. IPX/SPX
2. AppleTalk
3. NetBIOS/NetBEUI
Microsoft also uses the TCP/IP protocol suite in its operating systems.
There are various protocols in the TCP/IP protocol suite:

OSI Layers                               Protocol

Application Layer, Presentation Layer    DNS, DHCP, FTP, HTTP, TFTP, TELNET, SMTP,
& Session Layer (Upper Layer)            POP, IMAP, ETC..
                                         NETBIOS (Session Layer uses only)

Transport Layer                          TCP, UDP

Network Layer                            IP, ICMP, ARP, RARP

Data Link Layer                          HDLC, SDLC, FRAME RELAY

Physical Layer                           (No protocol is used here, it works with Ethernet or
                                         token ring)

DNS- Domain Name System
DHCP- Dynamic Host Configuration Protocol
FTP- File Transfer Protocol
TFTP- Trivial File Transfer Protocol
HTTP- Hyper Text Transfer Protocol
Telnet- Telephony Network
SMTP- Simple Mail Transfer Protocol
POP- Post Office Protocol
IMAP- Internet Message Access Protocol
NetBIOS- Network Basic Input/Output System
TCP- Transmission Control Protocol
UDP- User Datagram Protocol
IP- Internet Protocol
ICMP- Internet Control Message Protocol
ARP- Address Resolution Protocol
RARP- Reverse Address Resolution Protocol
HDLC- High-level Data Link Control Protocol
SDLC- Synchronous Data Link Control Protocol

There is a port number associated with every application protocol.

[Note: to see port numbers with protocols, go to C:\windows\system32\drivers\etc & open this file with Notepad]

Sub-netting
It is the process of creating smaller networks by shifting host bits to network bits. It is the subnet mask which denotes
the network portion & host portion of an IP address. For subnetting we change the subnet mask. It increases the number
of networks & decreases the number of hosts. PCs of a single network can ping each other in a LAN without the use of a router.
Purpose:
1. To create smaller networks
2. To use IP addresses appropriately
3. To prevent IP address wastage
4. To enhance network performance
5. To make network management easy
6. To enhance security
7. To minimize broadcast messages

To find out number of network

Use = 2^n
Where n is the number of on bits or 1 bits in the Subnet mask

To find out number of Host

Use = 2^m - 2
Where m is the number of off bits or 0 bits in the Subnet mask

Default Network Size:

          Network                                Host
Class A   126                                    2^24 - 2 = 1,67,77,214
Class B   (191-127) x 256 = 16,384               2^16 - 2 = 65,534
Class C   (223-191) x 256 x 256 = 20,97,152      2^8 - 2 = 254

25th March, 2009

Conversion binary to decimal

Binary
Computers are based on the binary numbering system, which consists of just two unique numbers, 0 and 1.

128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 =255

Examples:
By following the above equation
0 0 0 0 0 0 0 0=0
0 0 0 0 0 0 0 1=1
0 0 0 0 0 0 1 1=3
0 0 0 0 0 1 1 1=7
0 0 0 0 1 1 1 1 = 15
0 0 0 1 1 1 1 1 = 31
0 0 1 1 1 1 1 1 = 63
0 1 1 1 1 1 1 1 = 127
1 1 1 1 1 1 1 1 = 255

Or

1 0 0 0 0 0 0 0 = 128
1 1 0 0 0 0 0 0 = 192
1 1 1 0 0 0 0 0 = 224
1 1 1 1 0 0 0 0 = 240
1 1 1 1 1 0 0 0 = 248
1 1 1 1 1 1 0 0 = 252
1 1 1 1 1 1 1 0 = 254
1 1 1 1 1 1 1 1 = 255

Conversion decimal to binary

Exp. Calculate Binary for = 100
Sol: To calculate the binary of 100, divide it by 2 repeatedly, noting the remainder (1 or 0) at each step, until the quotient is 1.

              Remainder
100/2 = 50    0
50/2  = 25    0
25/2  = 12    1
12/2  = 6     0
6/2   = 3     0
3/2   = 1     1

Read the last quotient and then the remainders from bottom to top:

1 1 0 0 1 0 0 = 100
Explanation: 64 32 0 0 4 0 0 = 100

CIDR (Classless Inter Domain Routing)

A CIDR IP address looks like a normal IP address except that it ends with a slash followed by a number, called
the IP network prefix. For example: 192.168.0.0/24
(/24 denotes the total number of bits used in the subnet mask, e.g. 255.255.255.0 = /24)

Subnet mask        CIDR   Number of Net.   Number of Host
255.255.255.0      /24    2^0 = 1          2^8 = 256
255.255.255.128    /25    2^1 = 2          2^7 = 128
255.255.255.192    /26    2^2 = 4          2^6 = 64
255.255.255.224    /27    2^3 = 8          2^5 = 32
255.255.255.240    /28    2^4 = 16         2^4 = 16

Let's find out the Range by keeping base Subnet mask

Class C
SM                          Range
(255.255.255.0) or /24      192.168.0.0 to 192.168.0.255

(255.255.255.128) or /25    192.168.0.0 to 192.168.0.127
                            192.168.0.128 to 192.168.0.255

(255.255.255.192) or /26    192.168.0.0 to 192.168.0.63
                            192.168.0.64 to 192.168.0.127
                            192.168.0.128 to 192.168.0.191
                            192.168.0.192 to 192.168.0.255

(255.255.255.224) or /27    192.168.0.0 to 192.168.0.31
                            192.168.0.32 to 192.168.0.63
                            192.168.0.64 to 192.168.0.94
                            192.168.0.95 to 192.168.0.126
                            192.168.0.127 to 192.168.0.158
                            192.168.0.159 to 192.168.0.190
                            192.168.0.191 to 192.168.0.222
                            192.168.0.223 to 192.168.0.254
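Hand-built range tables are easy to get wrong, so the following added example (not part of the original notes) derives the mask, the 2^n and 2^m - 2 counts and every subnet range directly from the prefix lengths, and cross-checks the result against Python's ipaddress module. Each block starts on a multiple of its own size; the function names are this example's own.

```python
import ipaddress


def to_int(dotted):
    """Dotted decimal -> 32-bit integer."""
    a, b, c, d = (int(part) for part in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    """/prefix -> mask with that many 1 bits on the left."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_plan(base, base_prefix, new_prefix):
    """Split base/base_prefix into subnets of length new_prefix."""
    n = new_prefix - base_prefix          # host bits shifted to network bits
    m = 32 - new_prefix                   # 0 bits left in the new mask
    block = 1 << m                        # addresses per subnet
    start = to_int(base) & mask_from_prefix(base_prefix)
    ranges = [(to_dotted(start + i * block),
               to_dotted(start + (i + 1) * block - 1))
              for i in range(1 << n)]
    return {"mask": to_dotted(mask_from_prefix(new_prefix)),
            "networks": 1 << n,           # 2^n
            "addresses": block,           # 2^m
            "usable_hosts": block - 2,    # 2^m - 2 (network and broadcast excluded)
            "ranges": ranges}


def same_subnet(ip_a, ip_b, prefix):
    """True if both addresses share the network portion, so they can reach
    each other without a router."""
    mask = mask_from_prefix(prefix)
    return (to_int(ip_a) & mask) == (to_int(ip_b) & mask)


def agrees_with_stdlib(base, base_prefix, new_prefix):
    """Cross-check the hand calculation against the ipaddress module."""
    net = ipaddress.ip_network("%s/%d" % (base, base_prefix))
    expected = [(str(s.network_address), str(s.broadcast_address))
                for s in net.subnets(new_prefix=new_prefix)]
    return expected == subnet_plan(base, base_prefix, new_prefix)["ranges"]


if __name__ == "__main__":
    for prefix in (24, 25, 26, 27, 28):
        plan = subnet_plan("192.168.0.0", 24, prefix)
        print("/%d" % prefix, plan["mask"], plan["networks"], plan["usable_hosts"])
        for first, last in plan["ranges"]:
            print("    %s to %s" % (first, last))
```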

26th March, 2009

DHCP (Dynamic Host Configuration Protocol)


DHCP is a network protocol that enables a server to automatically assign an IP address to an individual
computer's TCP/IP.
A Windows Server or a router can be configured as a DHCP Server.
It provides the IP address, Subnet Mask, Default Gateway address & DNS Server address to all the client computers
automatically.
DHCP works on port no. 67/udp.

Scope is a valid range of IP addresses which are available for assignments or lease to client computers on a
particular subnet. In a DHCP server, you configure a scope to determine the address pool of IPs which the
server can provide to DHCP clients

Super Scope can be used to combine two or more scopes, each serving different subnets, and can make the
administration of several scopes on a Windows Server 2003 DHCP Server more manageable.

DHCP Reservation
You can bind any IP address from the range of the scope to a computer's MAC address.

80/20 Rule
For availability we can configure two DHCP Servers. In this case, for any network, 80% of the IP addresses are configured in one DHCP
Server & the remaining 20% of the IP addresses in the other DHCP Server.

DHCP Lease Process


A DHCP-enabled client obtains a lease for an IP address from a DHCP server. Before the lease expires, the
DHCP server must renew the lease for the client or the client must obtain a new lease. Leases are retained in
the DHCP server database approximately one day after expiration.
The first time a DHCP-enabled client starts and attempts to join the network, it automatically follows an
initialization process to obtain a lease from a DHCP server.
1. The DHCP client requests an IP address by broadcasting a DHCPDiscover message to the local subnet.

2. The client is offered an address when a DHCP server responds with a DHCPOffer message containing an IP
address and configuration information for lease to the client.

3. The client indicates acceptance of the offer by selecting the offered address and replying to the server
with a DHCPRequest message.

4. The client is assigned the address and the DHCP server sends a DHCPAck message, approving the lease.
Other DHCP option information might be included in the message.

5. Once the client receives acknowledgment, it configures its TCP/IP properties using any DHCP option
information in the reply, and joins the network.

In rare cases, a DHCP server might return a negative acknowledgment to the client. This can happen if a client
requests an invalid or duplicate address. If a client receives a negative acknowledgment (DHCPNak), the client
must begin the entire lease process again.

APIPA
APIPA is short for Automatic Private IP Addressing.
With APIPA, DHCP clients can automatically self-configure an IP address and subnet mask when a DHCP server
isn't available. When a DHCP client boots up, it first looks for a DHCP server in order to obtain an IP address
and subnet mask. If the client is unable to find the information, it uses APIPA to automatically configure itself
with an IP address from a range that has been reserved especially for Microsoft. The IP address range is
169.254.0.1 through 169.254.255.254. The client also configures itself with a default class B subnet mask of
255.255.0.0. A client uses the self-configured IP address until a DHCP server becomes available.
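The lease process and the APIPA fallback described above can be followed message by message in a small simulation. This is an added example, not part of the original notes: it is a simplified in-memory model with no real network traffic, the class, function and option names are this example's own, and the APIPA address is derived from the MAC only to keep the output repeatable.

```python
import ipaddress
import zlib

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")


def apipa_config(mac):
    """Self-assigned address from 169.254.0.1-169.254.255.254, mask 255.255.0.0."""
    offset = zlib.crc32(mac.encode()) % 65534 + 1     # 1..65534, stable per MAC
    return {"ip": str(APIPA_NET.network_address + offset),
            "mask": "255.255.0.0", "source": "APIPA"}


class DhcpServer:
    """One scope with exclusions and reservations (constructed model)."""

    def __init__(self, first, last, mask, gateway, dns, excluded=(), reservations=None):
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        self.scope = [str(ipaddress.ip_address(n)) for n in range(lo, hi + 1)
                      if str(ipaddress.ip_address(n)) not in excluded]
        self.options = {"mask": mask, "gateway": gateway, "dns": dns}
        self.reservations = dict(reservations or {})  # MAC -> reserved IP
        self.leases = {}                              # IP -> MAC holding the lease

    def _available(self, ip, mac):
        reserved_for = {v: k for k, v in self.reservations.items()}.get(ip)
        return (ip in self.scope
                and self.leases.get(ip, mac) == mac   # free, or already this client's
                and reserved_for in (None, mac))

    def handle(self, msg):
        mac = msg["mac"]
        if msg["type"] == "DHCPDiscover":
            wanted = self.reservations.get(mac)
            for ip in ([wanted] if wanted else self.scope):
                if self._available(ip, mac):
                    return dict(self.options, type="DHCPOffer", ip=ip)
            return None                               # scope exhausted: no offer
        if msg["type"] == "DHCPRequest":
            if self._available(msg["ip"], mac):
                self.leases[msg["ip"]] = mac
                return dict(self.options, type="DHCPAck", ip=msg["ip"])
            return {"type": "DHCPNak"}                # invalid or duplicate address
        raise ValueError(msg["type"])


def obtain_lease(mac, server, previous_ip=None):
    """Client side. Returns (configuration, list of message types exchanged).
    server=None models a network where no DHCP server answers."""
    log = []

    def send(msg):
        log.append(msg["type"])
        reply = server.handle(msg) if server else None
        if reply:
            log.append(reply["type"])
        return reply

    if previous_ip:                                   # ask for the old address first
        reply = send({"type": "DHCPRequest", "mac": mac, "ip": previous_ip})
        if reply and reply["type"] == "DHCPAck":
            return dict(reply, source="DHCP"), log
        # DHCPNak or no answer: begin the entire lease process again
    offer = send({"type": "DHCPDiscover", "mac": mac})
    if offer is None:
        return apipa_config(mac), log                 # no server: self-configure
    reply = send({"type": "DHCPRequest", "mac": mac, "ip": offer["ip"]})
    if reply["type"] != "DHCPAck":
        raise RuntimeError("offered address was refused")
    return dict(reply, source="DHCP"), log


if __name__ == "__main__":
    # Constructed scope: 192.168.0.10-20, one exclusion, one reservation
    server = DhcpServer("192.168.0.10", "192.168.0.20", "255.255.255.0",
                        "192.168.0.1", "192.168.0.2",
                        excluded={"192.168.0.10"},
                        reservations={"00-AA-00-00-00-02": "192.168.0.15"})
    print(obtain_lease("00-AA-00-00-00-01", server))
    print(obtain_lease("00-AA-00-00-00-02", server))
    print(obtain_lease("00-AA-00-00-00-03", server, previous_ip="192.168.0.11"))
    print(obtain_lease("00-AA-00-00-00-04", None))
```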

Installation of DHCP Service

Go to Control Panel → Add Remove Window Program → Add Remove Window Component → Network Services →
Details → Check DHCP Server → Next → Up to finish.

Configuring DHCP Service

1. Start → Program → Administrative Tools → DHCP → Right Click on DHCP → Add Server → Browse → Advance →
Find Now → Select Server → Ok
2. Right Click On Server → New Scope → Next → Name this Scope → Give IP Range & Subnet Mask → Add IP
Range to Exclude → Set Lease Duration (optional) → Check Yes to configure DHCP → Give Router's IP
(Default Gateway) → Add the DNS Server IP → Add WINS Server IP (If Using WINS Server) → Check Yes →
Finish

29th March, 2009

DNS Server
DNS (Domain Name System) is a database system that translates a computer's fully qualified domain name
(FQDN) into an IP address. DNS Server works on Port no. 53 TCP/UDP

FQDN
A computer's host name together with its domain name is called the FQDN.
For Exp. Computer host Name: Vikas
         Domain Name       : IBM.com
         FQDN              : Vikas.IBM.com

The use of DNS on the Internet is to resolve an Internet domain name to its IP address.
For Exp. www.google.com to 209.89.153.104
The use of DNS in a company is to resolve domain names to IP addresses.
The Active Directory service requires a DNS Server for communication between domain controllers. It uses SRV Records
(Service Records).

On the Internet there is a domain called the root domain, indicated as "." (dot).

There are some top level domains such as:
.com
.uk
.org
.in
.gov
Etc.

There are two types of DNS queries:

1 Iterative Queries
In iterative queries, the name server (DNS Server) resolves the query from its own database. If this server
can't resolve the query, it gives the IP address of another DNS server which has the required IP address, and
sends that information back. The response to an iterative query can be:
"I don't have the IP address you seek, but the Name Server (DNS Server) at 10.1.2.3 can tell you."

2 Recursive Queries
In recursive queries, the DNS server resolves the query from its own database; if it doesn't have the required
information, it contacts another Name Server (called a forwarder) & passes the information on itself.

Root Hints
A DNS server contains a list of preliminary resource records (root hints) that can be used by the DNS service to
locate other DNS servers that are authoritative for the root of the DNS domain. The root hints are stored in
the file CACHE.DNS, located in the systemroot\System32\Dns folder.

Caching Only Server
It is a server in which the DNS Service is installed but not configured. It can resolve Internet domains with the help
of root hints.

Forward Lookup Zone is a zone in a DNS server which resolves a computer's FQDN to its IP address.

Forward & Reverse Lookup Zone is a zone in a DNS server which resolves both a computer's FQDN to IP & IP to FQDN.

Zone: It is the name of a domain, such as ibm.com.

Primary Zone: DNS Server is authoritative for primary zone. We can create records in primary zone.

Secondary Zone: It is a zone of another DNS server's primary zone. It is used for load balancing. We can't create
records in a secondary zone.

Stub zone: It is also a zone of another DNS server. A stub zone is a copy of a zone that contains only those
resource records which are necessary to identify the authoritative DNS Server for that zone. It keeps only
three types of records:
a. Name Server records (NS)
b. Host (A) records
c. Start of Authority resource (SOA)

Resource Records
1. Host (A) Records: It has the computer's FQDN & IP record (used for forward lookup zone)
2. Pointer (PTR) Records: It has the computer's IP & host name record (used for reverse lookup zone)
3. Mail exchanger (MX) Records: Used for mail server record
4. Service (SRV) Records: Used for the Active Directory service. If the DNS server is installed on a domain controller
then the zone is called an Active Directory integrated zone.

A client computer tries to resolve a name in the following order:

1. Hosts file
(C:\windows\system32\drivers\etc\hosts or Start → Run → Type drivers → open that file in Notepad)

2. Cache Memory
To clear cache (Repair, or in cmd type ipconfig /flushdns)

3. DNS Server
(ipconfig /registerdns)

NSLOOKUP Command (in command prompt)

This command queries a DNS name server to look up and find IP address information of computers on
the Internet. It converts a host or domain name into an IP address & an IP address into a host or domain name.

Installing DNS Server

Go to Control Panel → Add Remove Programs → Add Remove Windows Component → Networking Services →
Details → Check DNS → OK → Next → Finish

To Configure DNS Server

Start → Admin Tools → DNS → Right click On Computer Name → Configure DNS Server → Next → Select create
forward & reverse lookup zone → select yes → Select primary zone → Select to all domain controller in
active directory domain → Type Zone Name (Give domains) → Next → Next → Next → Next → Next → Type
Network IP → Next → Next → select yes if want forwards → Finish

Creating Host Records

Start → Admin tools → Right Click any Zone Name → New Host (A) → Type Name of Any Existing Computer → Type
Computer IP address → Click Add Host → Ok → Done

2nd April, 2009

RIS (Remote Installation Service)
A RIS Server is used to install an operating system on many clients simultaneously (all at once) by booting
through the LAN Card. There is no need for a CD-ROM drive in the client computer & no need for an installed operating
system on the client computer.

To Configure RIS Service there must be:

(i) Active Directory Service in Server
(ii) A Configured DNS Service
(iii) A Configured DHCP Service
(iv) Client Computer Must Support Booting from LAN Card (PXE - Pre Execute environment LAN CARD)
(v) There must be a separate Drive to keep the Image

Installing RIS Service

Start → Control Panel → Add Remove Program → Add Remove Windows Component → Check Remote
Installation Service → Next → Finish

Creating Image
Start → Program → Admin tools → Remote Installation Service Setup → Next → Browse for Location to save Image →
Next → Check Respond to client Computer → Next → Browse for CD → Next up to finish (Run RISetup.exe)

Go to Admin tools → Services & Start DHCP, DNS & Remote Installation services

From Client Computer

1. Restart computer → Enter in BIOS - Advance - Enable On board LAN
                                   - Boot - Enable Boot from network
                                   - Boot device priority - Set 1st LAN Card

3. Save BIOS & Exit

4. On Computer Startup Press Shift + F10

5. A display will appear

a. Set Always boot network 1st

b. Set Boot order to Int 19G

Press F4 to Save & Quit

& when system restarts Press F12 to boot from Network

To disable Auto partition in RIS image

Search for the file ristndrd.sif; there will be two files. Open them in Notepad & change repartition & use whole disk to NO

3rd April, 2009

VPN Server or RAS Server
Remote Access Server
We configure a remote access server to give roaming users access to the company's network from outside
the network. For a remote access server we configure a VPN Server (Virtual Private Network).
We can configure a VPN Server in Windows Server 2003 from the Routing & Remote Access feature. VPN uses
PPTP (Point-to-Point Tunneling Protocol) to secure the connection.

There must be two LAN cards in the VPN Server:
1. One for ISP
2. One for LAN Connection
We have to configure a pool of private IP addresses in the VPN Server, which will be assigned to roaming users to
connect to the company LAN.

To Configure VPN Server

Start → Admin tools → Routing & Remote Access → Right Click on Computer Name → Select Enable routing &
remote access → Next → Select Remote access VPN → Check VPN → Select LAN card (Connected with ISP) →
Select LAN card (Connected with LAN) → Select From a specific range → New → Give Range → Ok → Next → Next →
Finish → Ok

Assign Permission to User to remotely access the company network.

Start → Admin tools → Active Directory Users & Computers → Right click on User → Properties → Dial-in → Check
Allow Access → Apply → Ok

From Client Computer

Go to Network Places → Properties → New connection wizard → Next → Select Connect to the network to my
workplace → Select VPN Connection → Type Company Name (Any) → Type company's VPN Server's IP address →
Next → Finish → Properties → Options → Check include windows logon domain → Ok

6th April, 2009

Configuring Windows Server 2003 as Router

A router is a layer-3 inter-network device which is used to communicate between two different networks.
It routes packets to the destination network & selects the best path to the destination.

We can configure Windows Server 2003 as a router; however, there should be two LAN cards with different IP
addresses in the server.

To Configure Server 2003 as Router

1. Go to Start → Programs → Admin tools → Routing & Remote Access → Right Click on Computer name → Select
Configure & Enable Routing & Remote Access → Next → Custom Configuration → Select All → Next → Finish

2. Go to Routing & Remote Access → Expand Computer Name → Expand IP Routing → Right Click on
General → Select New Interface → Select One Local Area Connection → Ok → Again Right Click on
General → Select New Interface → Select Second Local Area Connection → Ok

3. Right Click General → New Routing Protocol → Select RIP Version-2 for Internet Protocol → Ok

4. Right Click RIP (routing information protocol) → Select New Interface → Select One Local Area
Connection → Ok → Again Right Click on RIP → Select New Interface → Select Second Local Area
Connection → Ok

To Configure DHCP Relay Agent

1. Go to Admin Tools → Routing & Remote Access → Expand IP Routing → Right Click General → New Routing
Protocol → Select DHCP Relay Agent → OK

2. Right click DHCP Agent → New Interface → Select Local Area Connection of Second Network → Right Click
DHCP Relay Agent → Properties → Type IP Address of DHCP Server → Add → Apply → Ok

10th April, 2009

IPsec (Internet Protocol Security)
It is used to secure communication between
1) Two Computers
2) Two Networks
3) Remote Access
4) LAN
5) WAN

IPsec ensures that two computers start communication according to IPsec policies. It encrypts the whole
communication.
To Open IPsec policies:
Start → Program → Admin tools, or Start → Control Panel → Admin tools → Security Policies → IP security policies.

There you'll find three default security policies:

1. Server (Request Security)
For all IP traffic, always request security using Kerberos trust. It allows unsecured communication with clients
that don't respond to the request.

2. Client (Respond Only)
It communicates normally (unsecured). It uses the default response rule to negotiate with servers that
request security. Only the requested protocol and port traffic with that server is secured.

3. Secure Server (Require Security)
For all IP traffic, it always requires security using Kerberos trust. It does not allow unsecured communication with
un-trusted clients.
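Which of the three default policies is assigned on each side decides whether a connection ends up secured, unsecured or refused. The following added example (not part of the original notes) derives that result for every pairing and flags the flows in a constructed network that would not be secured. It assumes both computers can authenticate to each other (Kerberos trust), treats "None" as a computer with no policy assigned, and uses host names made up for the illustration.

```python
# Behaviour of each policy as described above, reduced to three properties.
POLICIES = {
    "None":                             {"requests": False, "responds": False, "allows_unsecured": True},
    "Client (Respond Only)":            {"requests": False, "responds": True,  "allows_unsecured": True},
    "Server (Request Security)":        {"requests": True,  "responds": True,  "allows_unsecured": True},
    "Secure Server (Require Security)": {"requests": True,  "responds": True,  "allows_unsecured": False},
}


def outcome(policy_a, policy_b):
    """Result of traffic between two computers with the given policies."""
    a, b = POLICIES[policy_a], POLICIES[policy_b]
    # Security is negotiated when one side asks for it and the other can answer.
    if (a["requests"] and b["responds"]) or (b["requests"] and a["responds"]):
        return "secured"
    # Otherwise traffic flows in the clear only if both sides tolerate that.
    if a["allows_unsecured"] and b["allows_unsecured"]:
        return "unsecured"
    return "blocked"


def matrix():
    """Outcome for every pairing of policies."""
    return {(a, b): outcome(a, b) for a in POLICIES for b in POLICIES}


def audit_flows(assigned, flows):
    """List the flows that will not be protected by IPsec.
    assigned: host -> policy name (hosts not listed have no policy)
    flows:    list of (source host, destination host)"""
    report = []
    for src, dst in flows:
        result = outcome(assigned.get(src, "None"), assigned.get(dst, "None"))
        if result != "secured":
            report.append((src, dst, result))
    return report


# Constructed sample network
ASSIGNED = {
    "DC1": "Secure Server (Require Security)",
    "FILE1": "Server (Request Security)",
    "PC1": "Client (Respond Only)",
}
FLOWS = [("PC1", "DC1"), ("PC1", "FILE1"), ("KIOSK", "FILE1"), ("KIOSK", "DC1")]

if __name__ == "__main__":
    for (a, b), result in matrix().items():
        print("%-34s %-34s %s" % (a, b, result))
    print(audit_flows(ASSIGNED, FLOWS))
```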

We can also create a new IPsec policy

To Create IPsec policy:

1. Go to Admin tools → Security Setting → Right Click IP security policy → Create IP Security Policy → Next →
Name your security policy → Uncheck Activate the default response rule → Uncheck Edit properties →
Finish
2. Right click your new policy → Properties → Click Add in rule tab → Next → Next → Next → In Authentication
Method page Use the key exchange → Click Add for new filter → Again Add → Next → Select Source
address of IP traffic to a specific IP subnet → Set network IP & subnet mask → Select the destination
address of IP traffic to a specific IP subnet → Select network IP & subnet mask → Select protocol
(Optional) → Next → Finish → Ok
3. Check your filter → Next → Select filter action respond in server & require in client → Next → Finish →
Apply → Ok
4. Now right click your policy & Assign

Note:
1. We can assign only one policy at a time
2. Run gpupdate to refresh changes in group policies

Planning and Maintaining a Windows Server 2003 Network Infrastructure [070-293]

Windows Clustering
Network Load Balancing
For availability & scalability of service we configure Network Load Balancing. In NLB (Network Load Balancing) we
connect multiple servers physically to work as a single server logically. All nodes (computers) of NLB work on a
single IP address (called the cluster IP address) & NLB generates a common MAC address for all nodes according to
the cluster IP address. It provides services for all protocols & all port numbers. You can configure protocol & port
number. Generally we configure NLB for Web Server, ISA (Internet Security and Acceleration) Server, VPN Server, &
Terminal Server.
The main advantages of network load balancing are:
1. Load Balancing
2. Service Availability

Note:
a) There should be a common database in all nodes so that all nodes can provide a common service.
b) We can add a maximum of 32 nodes in network load balancing.

To configure network load balancing:-


Go to Admin tools - Network Load Balancing Manager - Right Click on "Network Load Balancing Cluster" -
Select "New Cluster" - Set a "IP & Subnet" - Next - Next - Next - Give IP of Same computer in "Host" & Click
"Connect" - When Connected Select "Local Area Connection" & then "Next" - Set Priority "1" - Finish

Connecting another node in network load balancing:-

Open "Network Load Balancing Manager" - Right Click "cluster.domain.com" - Add Host to Cluster - Give IP of
Another host & Click "Connect" - When Connected Select "Local Area Connection" & then "Next" - Set Priority
"2" - Finish

15th April, 2009
Difference between Network Load Balancing Cluster & Server Cluster

1. NLB can be configured in all editions of Windows Server 2003, whereas Server Cluster can be configured
only in Enterprise Edition & Datacenter Edition.

2. You can add a maximum of 32 nodes in NLB but a maximum of 8 nodes in Server Cluster.

3. NLB load balances TCP & UDP traffic, whereas Server Cluster fails over & fails back applications.

4. For NLB there is no hardware required, but for Server Cluster you need a network storage device like SAN
(Storage Area Network) or NAS (Network Attached Storage).

5. We can configure NLB for Web Server, ISA (Internet Security and Acceleration) Server, VPN Server, & Terminal
Server, but we configure Server Cluster for Exchange Server, SQL Server, & for File & Print Server.

To configure Server Cluster


Go to Admin tools - Cluster Admin - Create New Cluster - Ok - Next - Select Your Domain Name - Type
Cluster Name - Next - Browse for your 1st Node - Next - Next - Give Common IP address - Next - Type
Administrator's User Name & Password - Next - Finish

19th April, 2009
Certificate Services
This service is used to secure communication between two computers.
Or we can say a certificate is used to ensure that the computer is communicating with the correct computer.

Certificate Services encrypts our information to secure data.

For example:
We access a web server through the HTTP protocol. If Certificate Services is installed, then your access will be
over the HTTPS protocol.
HTTP - Hyper Text Transfer Protocol (Port No. 80)
HTTPS - HTTP with SSL (Secure Sockets Layer) (Port No. 443)

For encryption & decryption Certificate Services uses two types of keys:
1. Public Key is used to encrypt data.
2. Private Key is used to decrypt data.

Note:
1. A computer never sends its private key over the network.
2. Every public key has its own corresponding private key, which is the only key that can decrypt the data.

1. Installing Certificate Services


Go to "Add Remove Windows Component" - Check "Certificate Service" - Yes - Next - Select "CA Type" -
Type Name (Any) - Next - Next - Finish

There are four types of CA:

1. Enterprise root CA (For Domain)
2. Enterprise subordinate CA (For Domain)
3. Stand-alone root CA (For Workgroup)
4. Stand-alone subordinate CA (For Workgroup)

2. Requesting a Certificate from CA


Go to "http://IP/certsrv" - Click download CA certificate

Note:
If the above URL doesn't open:
Go to IIS Manager - Web Service Extensions - Allow "Active Server Pages"

3. Securing Web Server

a. Go to IIS Manager - Expand "Website" Folder - Right Click on Web Site (to secure) - Properties -
Directory Security - Click "Server Certificate" - Next - Select "Assign an existing Certificate" -
Select Certificate - Next - Next - Next - Finish
b. Go back to IIS Manager - Expand "Website" Folder - Right Click on Web Site (to secure) -
Properties - Directory Security - Click "Edit Certificate" - Check "Require Secure Channel" - Check
"Require 128-bit encryption"

Note: If your existing certificate is incorrect then your site might not open.

22nd April, 2009
Planning, Implementing, and Maintaining a Windows Server 2003 Active Directory [070-294]

Domain
A domain is a group of users & computers defined by the administrator with common rules & procedures.
Type of Domain:-
1. Forest root domain: It's the 1st domain of a new forest. As soon as you run the dcpromo command and select
the option "domain in new forest", it creates a new forest root domain.
2. Child Domain: It is a sub-domain of a domain. It has its own AD database. We can manage both
domains from anywhere if permissions are assigned. Its name includes its parent name as a suffix.
i.e. Parent domain: IBM.com
Child Domain: X.IBM.com
3. New Domain Tree: We can create a new domain tree if we don't want to create a child domain. A new
domain tree will have a different name than the forest root domain. It has its own database. We can
manage both domains from anywhere if permissions are assigned.

Type of Domain Controller:-

1. Domain Controller (DC): It is a computer with Windows Server 2003 installed on which the Active Directory
service is installed. A domain controller is used to manage domain objects such as users & computers
centrally.
2. Additional Domain Controller (ADC): It has a writable copy of the database of the domain controller. It's used
for load balancing of the DC. Both have the same Active Directory Users & Computers page.

Active Directory
It is a directory service which is installed to configure Windows Server 2003 as a domain controller. It has
information about all domain objects like users & computers.

Tree
It is a collection of Parent Domain & Child Domain.

Forest
It is a collection of trees.

27th April, 2009

Operations Master Role
Active Directory supports multimaster replication of the directory data store between all domain
controllers in the domain. However, some changes are impractical to perform using multimaster
replication, so, for each of these types of changes, one domain controller, called the operations master,
accepts requests for such changes.

There are two types of OMR (operations master role):

1. Forest wide
2. Domain wide
In every forest, there are at least five operations master roles that are assigned to one or more domain
controllers.
• Forest-wide operations master roles must appear only once in every forest.
• Domain-wide operations master roles must appear once in every domain in the forest.
Note: The operations master roles are sometimes called flexible single master operations (FSMO) roles.

1. Forest wide operation master role


Every forest must have the following roles:
a) Schema master
b) Domain naming master
These roles must be unique in the forest. This means that throughout the entire forest there can be only
one schema master and one domain naming master.

Schema: The set of definitions for the universe of objects that can be stored in a directory. For each object class,
the schema defines which attributes an instance of the class must have & which additional attributes it can have.

i) Schema master: The schema master domain controller controls all updates and modifications to the
schema. To update the schema of a forest, you must have access to the schema master. There can be
only one schema master in the entire forest.
ii) Domain naming master: It controls the addition or removal of domains in the forest. There can be only
one domain naming master in the entire forest.

Global catalog server (GC server): It's a directory database that applications & clients can query to locate any
object in a forest. The GC contains a partial replica of every domain directory partition in the forest.

2. Domain wide operation master role


Every domain in the forest must have the following roles:
a) Relative ID (RID) master
b) Primary domain controller (PDC) emulator master
c) Infrastructure master

These roles must be unique in each domain. This means that each domain in the forest can have only one RID
master, PDC emulator master, and infrastructure master.

i) Relative ID (RID) master: The RID master allocates sequences of relative IDs (RIDs) to each of the various
domain controllers in its domain. At any time there can be only one domain controller acting as the RID
master in each domain in the forest.
Whenever a domain controller creates a user, group, or computer object, it assigns the object a unique
security ID (SID).
ii) PDC emulator master: The PDC emulator master acts as a Windows NT primary domain controller for
earlier versions of Windows (pre-Windows 2000) & backup domain controllers (BDC). It processes password
changes from clients. It's also responsible for synchronizing the time on all domain controllers
throughout the domain. It supports two authentication protocols:
• The Kerberos V5 protocol
• The NTLM (New Technology LAN Manager) protocol

iii) Infrastructure master: It compares its data with that of a global catalog. Then it replicates the updated
data to the other domain controllers in the domain.
It is also responsible for updating the group-to-user references whenever the members of groups are
renamed or changed.
Note: The infrastructure master role should not be assigned to the DC that is hosting the global catalog.
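
The placement rules above (forest-wide roles once per forest, domain-wide roles once per domain, infrastructure master not on a global catalog server) can be checked mechanically. The following Python check is an added example, not part of the original notes; IBM.com and X.IBM.com are the example domains used earlier in these notes, while the DC names, the inventory format and the function name `audit_fsmo` are constructed for illustration.

```python
from collections import defaultdict

FOREST_ROLES = ("schema master", "domain naming master")
DOMAIN_ROLES = ("RID master", "PDC emulator master", "infrastructure master")

# Constructed inventory (hypothetical DC names and role placement).
SAMPLE_INVENTORY = [
    {"name": "DC1", "domain": "IBM.com", "gc": True,
     "roles": ["schema master", "domain naming master", "RID master",
               "PDC emulator master", "infrastructure master"]},
    {"name": "DC2", "domain": "IBM.com", "gc": False, "roles": []},
    {"name": "DC3", "domain": "X.IBM.com", "gc": False,
     "roles": ["RID master", "PDC emulator master"]},
    {"name": "DC4", "domain": "X.IBM.com", "gc": True,
     "roles": ["PDC emulator master"]},
]


def audit_fsmo(inventory):
    """Return a list of findings; an empty list means the rules are met."""
    findings = []
    forest_holders = defaultdict(list)                       # role -> DC names
    domain_holders = defaultdict(lambda: defaultdict(list))  # domain -> role -> DC names

    for dc in inventory:
        domain_holders[dc["domain"]]  # register the domain even if it holds no role
        for role in dc["roles"]:
            if role in FOREST_ROLES:
                forest_holders[role].append(dc["name"])
            elif role in DOMAIN_ROLES:
                domain_holders[dc["domain"]][role].append(dc["name"])
            else:
                findings.append(f"{dc['name']}: unknown role '{role}'")

    # Forest-wide roles must appear exactly once in the forest.
    for role in FOREST_ROLES:
        holders = forest_holders[role]
        if len(holders) != 1:
            findings.append(f"forest: {role} held by {len(holders)} DC(s) "
                            f"{holders}, expected exactly 1")

    # Domain-wide roles must appear exactly once in every domain.
    for domain in sorted(domain_holders):
        for role in DOMAIN_ROLES:
            holders = domain_holders[domain][role]
            if len(holders) != 1:
                findings.append(f"{domain}: {role} held by {len(holders)} DC(s) "
                                f"{holders}, expected exactly 1")

    # The infrastructure master should not sit on a global catalog server.
    for dc in inventory:
        if dc["gc"] and "infrastructure master" in dc["roles"]:
            findings.append(f"{dc['domain']}: infrastructure master {dc['name']} "
                            f"also hosts the global catalog")
    return findings


if __name__ == "__main__":
    for finding in audit_fsmo(SAMPLE_INVENTORY):
        print(finding)
```

A role that shows up on two DCs is the situation to look for after a seize, if the previous role holder is later brought back online.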

We can transfer & seize (seizure) operations master roles from one DC to an ADC. We can also query about the
roles.

Commands to query OMR

i) dsquery server -hasfsmo name
ii) dsquery server -hasfsmo infr
iii) dsquery server -hasfsmo pdc
iv) dsquery server -hasfsmo rid
v) dsquery server -hasfsmo schema

To transfer or to seize roles you have to 1st connect to the DC by running the following commands. Then you have to
run the commands to transfer or to seize.

1. ntdsutil
2. At the ntdsutil command prompt type: roles
3. At the fsmo maintenance command prompt type: connections
4. At the server connections command prompt type: connect to server <domain controller>
5. At the server connections command prompt type: quit

Then run cmds to transfer:


i) transfer rid master
ii) transfer pdc
iii) transfer infrastructure master
iv) transfer domain naming master
v) transfer schema master

To seize OMR
i) seize rid master
ii) seize pdc
iii) seize infrastructure master
iv) seize domain naming master
v) seize schema master

27th April, 2009
To Transfer Operations Master Role Graphically

Go to Start - Program - Admin Tools - Active Directory Users & Computer - Right Click Domain Name -
Connect to Domain Controller - Select Another Domain Controller - Ok - Right Click Domain Name -
Operations Masters - Select Role - Change - Ok - Close

To Transfer Forest-Wide Role Graphically

Go to Start - Program - Admin Tools - Active Directory Domain & Trusts - Right Click Active Directory
Domain & Trust - Connect to Domain Controller - Select Another Domain Controller - Ok - Right Click
Active Directory Domain & Trust - Operations Masters - Change - Ok - Close

To Transfer Schema Master Role Graphically

1. Go to Start - Run - regsvr32 schmmgmt.dll.

2. Start - Run - mmc - File - Add Remove Snap-in - Add - Select Active Directory Schema - Add - Close -
Ok - File - Save as - Type Name AD Schema (optional) - Save.

3. Start - Admin Tools - Open AD Schema - Right Click Active Directory Schema - Change Domain
Controller - Specify Name - Ok - Right Click Active Directory Schema - Operations Master - Ok - Close.

To Configure a Domain Controller as a Global Catalog Server

Go to Admin Tools - Active Directory Sites & Services - Expand Sites - Expand Default First Site Name -
Expand Server - Expand Domain Controller - Right Click NTDS Settings - Properties - Check Global
Catalog - Apply - Ok - Close

30th April, 2009
Back up & Restore Active Directory

To Backup Active Directory:


Start - Run - "ntbackup" - Click on "Advanced Mode" - Click "Backup Wizard Advance" - Next - Select "Only
Backup System State Data" - Browse For Location to Save Backup - Next - Advanced - Next - Select "Verify
Data After Burning" - Next - Next - Next - Finish

To Restore Active Directory:


There are three kinds of restore of Active Directory:
a) Normal Restore
b) Primary Restore
c) Authoritative Restore

Normal restore
Start Computer in Safe mode - Select "Directory Service Restore mode" - Start - Run - ntbackup - Select
"Advanced Mode" - Select "Restore Wizard (Advanced)" - Next - Select Your AD Backup - Check "System State" -
Next - Advanced - Next - Ok - Next - Next - Finish

Primary restore
Start Computer in Safe mode - Select "Directory Service Restore mode" - Start - Run - ntbackup - Select
"Advanced Mode" - Select "Restore Wizard (Advanced)" - Next - Select Your AD Backup - Check "System State" -
Next - Advanced - Next - Ok - Next - Check "Restore Data as the primary data for all replicas" - Finish

Authoritative restore
1. Restore your backup normally as mentioned above
2. Before restarting computer - Go to Run - Cmd - Type "ntdsutil" - Authoritative restore - Restore subtree
ou=OU_Name,dc=Domain_Name,dc=xxx - Quit - Quit - Restart

1st May, 2009
OU (Organization Unit)
Organizational units are Active Directory containers into which you can place users, groups, computers, and
other organizational units. An organizational unit cannot contain objects from other domains.

In other words, an organizational unit (OU) is a subdivision within Active Directory into which you can
place & manage users, groups, computers, and other organizational units according to branch location,
company department, etc.

An organizational unit is the smallest scope or unit to which you can assign Group Policy settings or delegate
administrative authority.

To Create an OU
Run dsa.msc - Right Click on Domain Name - Select New - Select Organization Unit - Type OU Name
(Any) - Ok

To Move Users in OU
Go to Active Directory Users & Computer - Right Click on User - Select Move - Select OU - Ok

6th May, 2009
Software deployment through Group Policy

You can deploy software through group policy to any OU. Members of the OU can get their software installed on
any computer in the domain.

Process of software deployment (MS Office 03)

1. Create a shared folder in the domain in any drive & copy all the content of "MS Office 2003" into it.

2. Run "dsa.msc" - Right Click "OU" - Properties - Group Policy - Click "New" - Select "New Group Policy
Object" - Edit - User Configuration - Expand "Software Setting" - Right Click on "Software Installation" -
New - Package - Go to the Shared folder - Select ".msi file" - Click "Open" - Select "Assign" - Ok

3. Right Click on "Software Installation" - Properties - Browse for shared folder - Click "Assign" - Apply - Ok -
Close

4. Run "gpupdate /force" to refresh Group Policy.

Note: There are two options, "Publish" & "Assign". If you "Assign" software it will be displayed on the "Start Menu"
in "All Program", & if you "Publish" software it will be displayed in "Control Panel" in "Add New Program".

8th May, 2009
Active Directory Sites & Services
By default all domain controllers & additional domain controllers replicate with each other every 15 minutes.
Active Directory Sites & Services is an optional configuration to manage replication between sites.
If the WAN connection which connects your two branch offices is a slow connection, then you must configure
& manage site replication.

To configure site replication you need to do the following configuration:

1. To Create Site
a. Start - Program - Admin Tools - Active Directory Sites & Services - Expand "Site" - Rename
"Default-first-site-name"

b. To Create another site

Right Click on "Site" - Select "New Site" - Name it - Select "DEFAULTIPSITELINK" - Ok

2. Move DC
Expand Server - Right Click on DC name - Select "Move" - Select "Site" - Ok

3. Associate a Subnet with Site

Expand Sites - Right click on "Subnet" - New Subnet - Type Network Address & Subnet Mask - Select Site -
Ok

4. Create Site Link

a. Expand Intersite Transports - Select IP - Right Click "DEFAULTIPSITELINK" - Rename it (e.g. Delhi-Mumbai)

b. To add New Link - Right Click on "IP" - New Site Link - Name it (e.g. Delhi-Chennai) - Add Site in Site Link -
Ok

There are two protocols for intersite transport, "IP" & "SMTP". If your WAN connection is persistent & reliable
then you'll create the site link under the "IP" protocol, & if your WAN connection is unreliable & links go up & down
frequently then you'll create the site link under the "SMTP" protocol.

5. Configure Site Link Cost

Expand Intersite transport - Select "IP" - Right Click on "Site Link" - Properties:
The cost value is used to set the priority of a site link; the lower the cost value, the higher the priority.
The default cost value = 100 & we can change it from "1 to 99999"

6. Configure Site Link Replication Availability

Expand Intersite transport - Select "IP" - Right Click on "Site Link" - Properties:
Replicate Every
Default Value - 180 Minutes
Range - 15 to 10080 Minutes
Set range - Click Schedule to "Set Date & time of Replication" - Apply - Ok

11th May, 2009
Trust relationship
It is a relationship between two domains. We enable & configure it to provide access to the resources of two or
more domains. By default, trust exists between all domains of the same forest, but if we want access to a domain of
a different forest then we need to enable & configure a trust.

For example: If two companies merge or one takes over the other, then we have to create a trust
relationship between the two different forests so that they can access each other's resources.

Trust Type
• Default Trusts
• Other Trusts

1. Default Trust
Two default trusts are created when you use the Active Directory Installation Wizard.

Trust Type | Transitivity | Direction | Description
Parent & Child | Transitive | Two-Way | By default, when a new child domain is added to an existing domain tree, a new parent and child trust is established.
Tree-root | Transitive | Two-Way | By default, when a new domain tree is created in an existing forest, a new tree-root trust is established.

2. Other Trusts
Four other types of trusts can be created using the New Trust Wizard or the Netdom command-line tool.

Trust Type | Transitivity | Direction | Description
External | Non transitive | One-Way or Two Way | Use external trusts to provide access to resources located on a separate forest that is not joined by a forest trust.
Realm | Transitive / Non transitive | One-Way or Two Way | Use realm trusts to form a trust relationship between a non-Windows (Linux etc.) and a Windows Server 2003 domain.
Forest | Transitive | One-Way or Two Way | Use forest trusts to share resources between forests.
Shortcut | Transitive | One-Way or Two Way | Use shortcut trusts to improve user logon times between two domains within a Windows Server 2003 forest. This is useful when two domains are separated by two domain trees.

Trust Direction

1. One Way Incoming Trust

2. One Way Outgoing Trust

3. Two Way Trust

Trust Transitivity

1. Transitive Trust: A transitive trust can be used to extend trust relationships with other domains.


2. Non-Transitive Trust: A non-transitive trust can be used to deny trust relationships with other domains.

Process of creating Trust between two forests:

Go to Start - Program - Admin Tools - Active Directory Domain & Trust - Right Click on Domain Name -
Properties - Trusts - New Trust - Next - Type DNS or NetBIOS Name of other Domain - Select Two way -
Select This Domain Only - Type Password - Next - Finish - Ok
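
How trust direction and transitivity combine decides which accounts can reach which resources. The following Python model is an added example, not part of the original notes; it is simplified to parent-child, tree-root and external trusts (forest and realm trusts are not modelled), IBM.com and X.IBM.com come from the notes, and the domains tree2.example and partner.example as well as the names `Trust`, `two_way` and `can_access` are made up for illustration.

```python
from collections import namedtuple

# One direction of a trust: accounts from `trusted` can be authenticated for
# resources in `trusting`. Seen from `trusting` this is a one-way outgoing
# trust; seen from `trusted` it is a one-way incoming trust.
Trust = namedtuple("Trust", "trusting trusted transitive")


def two_way(a, b, transitive):
    """A two-way trust is simply one trust in each direction."""
    return [Trust(a, b, transitive), Trust(b, a, transitive)]


# Constructed topology.
TRUSTS = (
    two_way("IBM.com", "X.IBM.com", transitive=True)         # parent & child (default)
    + two_way("IBM.com", "tree2.example", transitive=True)   # tree-root (default)
    + [Trust("X.IBM.com", "partner.example", transitive=False)]  # external, one-way
)


def can_access(user_domain, resource_domain, trusts=TRUSTS):
    """True if accounts from user_domain can be authenticated in resource_domain."""
    if user_domain == resource_domain:
        return True
    # A direct trust works whether it is transitive or not.
    if any(t.trusting == resource_domain and t.trusted == user_domain
           for t in trusts):
        return True
    # Otherwise only a chain made entirely of transitive trusts extends the
    # relationship; a non-transitive trust never takes part in a chain.
    seen, pending = {resource_domain}, [resource_domain]
    while pending:
        current = pending.pop()
        for t in trusts:
            if t.transitive and t.trusting == current and t.trusted not in seen:
                if t.trusted == user_domain:
                    return True
                seen.add(t.trusted)
                pending.append(t.trusted)
    return False


if __name__ == "__main__":
    for user, resource in [("X.IBM.com", "tree2.example"),
                           ("partner.example", "X.IBM.com"),
                           ("partner.example", "IBM.com"),
                           ("X.IBM.com", "partner.example")]:
        print(f"{user} -> {resource}: {can_access(user, resource)}")
```

The external trust lets partner.example accounts into X.IBM.com only: because it is non-transitive it does not extend to IBM.com, and because it is one-way it gives X.IBM.com accounts nothing in partner.example.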

13th May, 2009
Delegate Control Wizard
You can delegate administrative control of a particular domain or organizational unit to individual
administrators responsible for only that domain or organizational unit.

To Delegate Control:
• On Domain
Start - Program - Admin Tools - Active Directory Users & Computers - Right Click "Domain" - Delegate Control -
Next - Add "User or Group" - Next - Select Task to Delegate - Next - Finish

• On Folder
Start - Program - Admin Tools - Active Directory Users & Computers - Right Click "Folder that you want to
control by other user & group" - Delegate Control - Next - Add "User or Group" - Next - Select Task to Delegate
- Next - Finish

Advanced View of Active Directory Users & Computers

Open Active Directory Users & Computers - View - Advanced Features
To Remove Delegate control permissions - Click Advanced Features of Active Directory - Right click User -
Properties - Security - & Deny Permissions

LDAP
LDAP is the "Lightweight Directory Access Protocol". LDAP is a communication protocol designed for use on
TCP/IP networks. The LDAP standard is established by the IETF (Internet Engineering Task Force).
AD clients communicate with domain controllers using the LDAP protocol when:
• Logging onto the network
• Searching for shared resources
• Accessing a domain controller & global catalog
• E-mailing, etc.

Directory Data Store

Active Directory uses a data store for all directory information. It uses four types of directory partition to store
& copy different types of data. Directory data is stored in the NTDS.DIT file. Private data is stored securely &
public directory data is stored on the shared system volume.

Type of Directory Partition:

1. Domain Data contains information about objects (e-mail contacts, user & computer A/c).

2. Configuration Data contains the topology of the directory, such as the list of all domains, trees, forests, and
the location of DCs & global catalogs.

3. Schema Data contains the definitions & attributes of all objects in Windows Server 2003. There is a default
schema that defines many object types, such as user & computer A/c, domains, OUs & security policies.

4. Application Data is also called the Application Directory Partition. It is not part of the directory data store.
It must be created, configured & managed. It is used where replication is not required on a global scale.

Implementing and Managing Microsoft Exchange Server 2003 [070-284]
20th May, 2009

Exchange Server
Exchange Server is application software which is installed on Windows Server 2003 to configure
Windows Server 2003 as an e-mail server.
An e-mail server is used to send & receive e-mail from one client computer to another client computer in a LAN or
WAN.

In the market there are other e-mail servers available, such as:
a) Linux sendmail
b) Linux postfix
c) Linux exim

As e-mail client applications, Exchange supports many e-mail clients, such as:
a) Outlook Express
b) MS Office Outlook
c) Any Web Browser (IE, Firefox, Safari, etc.)
d) Linux evolution
e) Linux mutt
f) IBM Lotus Notes
g) Novell GroupWise

Protocols of Exchange Server

1. SMTP (Simple Mail Transfer Protocol)
It is used to send e-mail from a client computer to an e-mail server & from one e-mail server to another e-mail
server.

2. POP3 (Post Office Protocol Version-3)
It is used to download e-mail from the e-mail server to the client computer. You can also save a copy of the e-mail
on the server.

3. IMAP4 (Internet Message Access Protocol Version-4)
It is used to work online with the e-mail server. It doesn't download mail from the server to your computer.

4. HTTP (Hyper Text Transfer Protocol)
It is used to access Exchange Server through any web server.

5. NNTP (Network News Transfer Protocol)
It is used to send & receive news through the internet.

Exchange Server 2003 Installation

1. You can install Exchange Server 2003 on the following Windows versions:

a) Windows Server 2002 (SP3) or later
b) Windows Server 2000 (Advance)(SP3) or later
c) Windows Server 2003
Before installing Exchange Server you have to install ASP.net, NNTP, SMTP & World Wide Web Services.

2. Run dcdiag to test network connectivity & DNS resolution. To run this command you first have to install
the support tools from the Support folder on the Windows Server CD. To run this command your account must
have domain administrator & local machine administrator permission.
CMD: dcdiag /f:<log file name>
If you are running this command tool from a member server, add this switch: dcdiag /s:<Domain Controller>

3. Run netdiag to test network connectivity. Your account must have local machine administrator
permission. The netdiag command sends its output to the netdiag.log file.

4. Run forestprep to extend the Active Directory schema. To run forestprep your account must have the
following permissions:
a) Enterprise administrator
b) Schema administrator
c) Domain administrator
d) Local machine administrator
You must run forestprep once in the forest, in the domain where the schema master resides.

5. Run domainprep to prepare the domain for Exchange 2003. Your account must have the following permission:
a) Domain & local machine administrator

Domainprep creates two new groups:

a. Exchange domain Server / global security group
b. Exchange enterprise Server / domain local security group

It also creates the public folder proxy container. You must run domainprep once in each domain where
Exchange Server is to be installed & in any domain that has Exchange users.
Exchange requires a global catalog server where domainprep has been run.

Note: To install Exchange Server 2003 your account must have full Exchange administrator permission at
organization level & local machine administrator permission.

Process to Install Exchange Server 2003
Requirement:
(ii) Server 2003 installed Computer
(iii) Active Directory must be installed
(iv) DNS Server must be installed & configured

Process of installation of Exchange Server 2003


1. Install Packages of application server
2. Forest Preparation
3. Domain Preparation
4. Setup of Exchange Server

(1) Install Packages (ASP.net, NNTP, SMTP)

Go to Start - Setting - Control Panel - Add Remove Program - Add Remove Windows Component -
Application Server - Detail - Check ASP.net - Select IIS - Detail - Check NNTP & SMTP - Ok -
Next - Finish

(2) Forest Preparation

Insert Exchange Server 2003 CD - Browse CD - E:\English\Exch2003\Ent\Setup\i386 - Setup
Open Exchange Server folder - Launch "Setup.exe" - Click "Exchange Deployment Tools" - Deploy the
First Exchange 2003 Server - New Exchange 2003 Installation - Run Forest Prep Now - Next - Select "I
agree" - Next - Up to finish

(3) Domain Preparation

Insert Exchange Server 2003 CD - Browse CD - E:\English\Exch2003\Ent\Setup\i386 - Setup
Open Exchange Server folder - Launch "Setup.exe" - Click "Exchange Deployment Tools" - Deploy the
First Exchange 2003 Server - New Exchange 2003 Installation - Run Domain Prep Now - Next - Select "I
agree" - Next - Up to finish

(4) Run Setup

Insert Exchange Server 2003 CD - Browse CD - E:\English\Exch2003\Ent\Setup\i386 - Setup
Open Exchange Server folder - Launch "Setup.exe" - Click "Exchange Deployment Tools" - Deploy the
First Exchange 2003 Server - New Exchange 2003 Installation - Run Setup Now - Next - Select "I agree"
- Next - Select Action "Min/Typical/Custom" - Next - Next - Type Organization Name - Next - Select "I
agree" - Next - Next - Finish

Components to install Exchange Server:

1. MS Exchange messaging & collaboration service (Min/Typical installation)
2. MS Exchange System management tools (Typical): necessary to install Exchange System Manager
(MMC)
3. Lotus Notes Connector: You may install this component if you want to use Lotus Notes as an Exchange
client.
4. Connector for Novell GroupWise
5. Calendar Connector
6. MS Exchange 5.5 administrator

21st May, 2009
After installation of Exchange Server you have to start the following services if not started:
a) Microsoft Exchange POP3
b) Microsoft IMAP4

To Start Service:
Start - Run - Services.msc - Find the above mentioned services - Properties - Set Startup Type Automatic -
Apply - Start - Ok.

Creating Mailbox enabled User A/c

Go to Start - Run - dsa.msc - Right Click on Users - Add New User - Type Name - Next - Password - Check
"Create an Exchange mailbox" - Next - Finish.
Note: All already created user A/c will automatically have a mailbox after installation of Exchange Server.

Configuring Outlook Express as Exchange Server Client

(Creating user A/c in Outlook Express):
Open Outlook Express - Tools - Accounts - Add - Mail - Type Display Name - Type e-mail address - Select
POP3 - Type Incoming & Outgoing mail Server - Type Password - Next - Finish
Now Click Properties - Advanced - Check "Leave a copy of messages on server" - Apply - Ok

To Make Entry of your Exchange Server into DNS

Go to Admin Tools - DNS - Expand Server - Expand "Forward Lookup Zone" - Right Click Domain Name -
New Mail Exchange Record - Browse - Double Click "Exchange Server" - Forward Lookup Zone - Domain Name
- Select Your Exchange Server Name & IP - Add - Ok - Ok.

22nd May, 2009
Creating Account in Outlook Express
Go to Start - Program - Outlook Express - Tools - Accounts - Add - Mail - Type Display Name - Type Email
Address - Select Protocol (POP3/IMAP4/HTTP) - Type Incoming & outgoing mail Server - Set Password (if
any) - Finish

Backup of Outlook Express

Open Outlook Express - Tools - Options - Maintenance - Store Folder - Copy Given Path - Now Go to Run -
Paste the path - Ok - Now copy all files - Keep them in another drive as backup (Ext - .dbx).

Restore of Outlook Express Backup

Open Outlook Express - File - Import - Messages - Select Microsoft Outlook Express 6 - Next - Select main
identity - Ok - Browse for backup location - Ok - Next - All folders - Next - Finish.

Backup of Outlook Express A/c

Open Outlook Express - Tools - Accounts - Select A/c - Export - Select location to Save - Save (Ext - .iaf)

To Restore Account
Open Outlook Express - Tools - Accounts - Import - Browse for backup file - Open - Close.

25th May, 2009
Outlook Web Access (OWA)
It is a feature of Exchange Server that lets you access Exchange Server through any standard web browser to
send & receive mails.

[http://IP or name of Exchange Server/exchange/username]

We can type the Exchange Server FQDN, domain name or IP.

Public Folder
It is a folder of Exchange Server which is used as a notice board. E-mails are private & sent to a specific user,
but a public folder can be created & read by any user. However, you can configure permissions for public folders
in Exchange Manager.

To Open Public Folder

Go to web browser & type http://IP of Exchange Server or Domain Name/Public

th
27 May, 2009
 Backup of Exchange Server
Go to Start Run ntbackup Advanced Mode Backup Wizard Select Backup Selected Files, Drives or
network data Expand Microsoft Exchange Server Expand Computer Name Expand Microsoft
information Store Check First Storage Group Next Advanced Select Type of backup Normal Next
Check Verify data after backup Next Append this backup to the existing backup Select Now Next
Finish Close

To Restore Backup of Exchange Server

1. Start - Program - Microsoft Exchange - System Manager - Expand Server - Computer Name -
Expand First Storage Group - Select Mailbox Store - Properties - Database page - Check "This database
can be overwritten by a restore" - Ok - Right Click Mailbox Store - Click Dismount Store - Right
Click Public folders - Properties - Database Store - Check "This database can be overwritten by a
restore" - Apply - Ok - Right Click Public Folder - Dismount Store - Close.

2. Start - Run - ntbackup - Advanced Mode - Restore Wizard - Next - Select Backup - Next - Select
restore to Exchange Server computer name - Type Temporary Location of log & patch file - Check
Last restore set - Next - Check Preserve existing volume mount point - Next - Finish.

Restoring Exchange Server through "Recovery Storage Group"

It is a type of restoration of Exchange Server in which we can restore the mailbox (only) without dismounting the
current working mailbox.

1. Go to Start - Program - Exchange System Manager - Expand Server - Right Click Any "Exchange Server" -
New - Recovery Storage Group - Right Click "Recovery Storage Group" - Add Database to Group - Select
Mail box - Ok

2. Now restore as mentioned above
(Start - Run - ntbackup - follow the same - Finish)

3. Now again Open System Manager - Open "Recovery Storage Group" - Select "Restore Mail box" Right
Click it - Mount - Finish

Assigning a Mailbox to a User


Start - Run - dsa.msc - Right Click "User" - Exchange Task - Next - Create Mail Box - Next - Next - Finish

28th May, 2009
Storage Group
In Exchange Server Standard Edition there is only one storage group & in this storage group there will be one
mailbox store & one public store. Limit of size of storage group is "16 GB" each.

In Enterprise Edition a first storage group is created by default & inside this group there will be one "Mail
box Store" & one "Public Folder Store". You can create a maximum of "Four" Storage Groups & inside each of them
there can be a maximum of "Five" stores, either "Mail Box" or "Public Folder" Stores, so there will be a total of 20 Stores.

To Create Storage Group


Start - Program - Microsoft Exchange - System Manager - Expand "Server" - Right Click "Exchange Computer
Name" - New - Storage Group - Give Name - Ok

To Create New Store


Start - Program - Microsoft Exchange - System Manager - Expand "Server" - Expand "Exchange Computer
Name" - Right Click "Storage Group" - New - Mailbox Store - Give Name - Apply - Ok

"Location of Mailbox Data in the Drive"


C:\Program Files\Exchsrvr\MDBDATA
Mail box of First Storage Group is inside MDB Data Folder
Mail box of Second Storage Group folder location is:
C:\Program Files\Exchsrvr\Your Storage Folder

The Default Mail Box Store Files are:


Private Mail: 1. Priv1.edb 2. Priv1.stm
Public Mail: 1. Pub1.edb 2. Pub1.stm

Inside Storage Group Folder There are Following Files:


1 E00.chk 8 KB
2 E00.log 5,120 KB
3 E00tmp.log 4,096 KB
4 E0000001.log 5,120 KB
5 priv1.edb 4,104 KB
6 priv1.stm 4,104 KB
7 pub1.edb 3,080 KB
8 pub1.stm 2,056 KB
9 res1.log 5,120 KB
10 res2.log 5,120 KB
11 tem.edb 148 KB

Circular Logging
If you enable circular logging, Exchange Server will reuse old log files.
Note:
1. Every storage group has its own log file.
2. If you enable circular logging then you can't take incremental or differential backup.
3. If you take "Normal" or "Incremental" backup it will delete old log files.

To enable
Right Click Any Storage Group - Properties - Check "Enable Circular Logging" - Apply - Ok

1st June, 2009
Configuring Exchange User Properties
Start - Run - dsa.msc - Expand "Domain Name" - Users - Right Click "User" - Properties - Exchange General -
1. Delivery Restrictions
a) Sending Message Size - (0 to 2097151 KB)
b) Receiving Message Size - (0 to 2097151 KB)
c) Message Restrictions

2. Delivery Option
a) Send On Behalf (add other user to send messages on your behalf)
b) Forwarding Address (add other user to forward your incoming mail)
c) Recipients Limit (0 to 2097151 users) (to send message at a time as "CC")

3. Storage Limit
a) Clear "Use mail box store"
I. Issue warning at (Set space limit point to show warning)
II. Prohibit Send at (Set space limit point to stop sending messages)
III. Prohibit Send & Receive (Set space limit point to stop sending & receiving messages)

Note: Limit (0 KB to 2097151 KB)

b) Delete Item Retention

Clear "Use mail box store"
I. Keep Deleted Item for Days "0 to 24855 days"
II. Don't permanently delete item until store has been backed up

Exchange Feature Page


Here we can enable & disable mobile services & protocol such as:
a) Outlook Mobile Access (OMA)
b) User initiated synchronization
c) Up-to-date Notification
Protocol
a) Outlook Web Browser
b) POP3
c) IMAP 4

E-mail Address Page


Here we can edit or add a new e-mail address & can also set priority for an e-mail address
To add new e-mail address:
New - SMTP address - Ok - Give e-mail address - Apply - Ok

Creating Distribution Group

Open Active Directory Users & Computers - New - Group - Type Name - Select "Distribution" - Check "Create
an Exchange Email Address" - Next - Finish

Connecting Your Exchange Server to Internet
You can connect your server to the Internet so that you can send & receive e-mail to & from Internet e-mail servers
such as gmail.com, yahoo.com etc.
Requirement:
1) Public IP address on your Exchange server
2) Your domain name should be registered in DNS server

Process to Connect:
Start - Program - Microsoft Exchange - System Manager - Right Click "First Organization" - Internet mail Wizard
- Next - Next - Select Server Name - Next - Next - Next - Next - Next - Next - Next - "Outbound SMTP domain
Restriction" - Next - Next - Finish

To View: Open Connectors - "Internet mail SMTP Connectors" - Properties - Make Changes (If required) -
Apply - Ok

2nd June, 2009
Operation Mode of Exchange Server
There are two modes of Exchange Server
1. Mixed mode (default)
In Mixed Mode your Exchange server can support "Exchange Server 5.5, Exchange 2000 Server, &
Exchange Server 2003"

2. Native Mode
In Native Mode it'll support only "Exchange 2000 Server, & Exchange Server 2003". Some more
features are also enabled in Native Mode.

You can change operation mode from "Mixed" to "Native" but it is irreversible; we can't change "Native
Mode" to "Mixed Mode".

To Change Operation Mode:


Start - Program - Microsoft Exchange - System Manager - Right Click "First Organization" - Properties - Change
Mode - Yes - Apply - Ok

Delegate Control of Exchange Server

You can delegate control of Exchange server to any user.
There are three types of role to control Exchange Server
1. Exchange administrator: It can fully administer Exchange server information
2. Exchange Full Administrator: It can fully administer Exchange server information & modify permissions.
3. Exchange View Only Administrator: It can only view Exchange configuration information.

To Delegate Control
Start - Program - Microsoft Exchange - System Manager - Right Click "First Organization" - Delegate Control -
Next - Add User - Browse - Advance - Find Now - Select User - Ok - Ok - Select Role - Ok - Next - Finish

Global Address List

It is an address list which is automatically shown in client applications such as MS Outlook, so that the user need
not type the full e-mail address of a user who is in the global address list.

To view it:
Start - Program - Microsoft Exchange - System Manager - Expand Recipients - All Global Address List - Right
Click "Default Global Address List" - Properties - Preview.

To Create:
Start - Program - Microsoft Exchange - System Manager - Expand Recipients - All Global Address List - Right
Click - New - Global Address List - Type Name of List - Filter Rules - Check the mentioned condition of recipient
accordingly - Find Now - Select User - Ok - Finish

List of Some Important Protocols with Port Number

1. FTP-DATA (File Transfer Protocol) 20-TCP
2. FTP (File Transfer Protocol) 21-TCP
3. TELNET (Telephony Network) 23-TCP
4. SMTP (Simple Mail Transfer Protocol) 25-TCP
5. DNS (Domain Name System) 53-TCP/UDP
6. DHCP (Dynamic Host Configuration Protocol) 67-UDP
7. TFTP (Trivial File Transfer Protocol) 69-UDP
8. HTTP (Hyper Text Transfer Protocol) 80-TCP
9. HTTPS (Hyper Text Transfer Protocol with SSL) 443-TCP/UDP
10. Kerberos 88-TCP/UDP
11. POP3 (Post Office Protocol v3) 110-TCP
12. NNTP (Network News Transfer Protocol) 119-TCP
13. IMAP (Internet Message Access Protocol) 143-TCP
14. Print-srv 170-TCP
15. LDAP (Lightweight Directory Access Protocol) 389-TCP
16. LDAPS (LDAP with SSL) 636-TCP
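
An added example (not part of the original notes): a Python check that maps the listening sockets in `netstat -an` output to the port table above and marks a listed protocol as cleartext when the table also carries its "with SSL" entry. The sample output is constructed, and the names `PAGE_PORTS`, `SSL_VARIANT`, `listeners` and `audit` are assumptions made for this example.

```python
import re
# Port table transcribed from the notes above: port -> (name, transports).
PAGE_PORTS = {
    20: ("FTP-DATA", "TCP"), 21: ("FTP", "TCP"), 23: ("TELNET", "TCP"),
    25: ("SMTP", "TCP"), 53: ("DNS", "TCP/UDP"), 67: ("DHCP", "UDP"),
    69: ("TFTP", "UDP"), 80: ("HTTP", "TCP"), 88: ("Kerberos", "TCP/UDP"),
    110: ("POP3", "TCP"), 119: ("NNTP", "TCP"), 143: ("IMAP", "TCP"),
    170: ("Print-srv", "TCP"), 389: ("LDAP", "TCP"),
    443: ("HTTPS", "TCP/UDP"), 636: ("LDAPS", "TCP"),
}
SSL_VARIANT = {80: 443, 389: 636}  # listed protocol -> its "with SSL" entry
# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:25          192.0.2.50:1042        ESTABLISHED
  UDP    0.0.0.0:53             *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def listeners(text):
    """Return {(proto, port)}: TCP rows in state LISTENING, plus UDP rows
    (which have no State column). Established sessions are skipped."""
    found = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if m and (m.group(1) == "UDP" or m.group(3) == "LISTENING"):
            found.add((m.group(1), int(m.group(2))))
    return found

def audit(text):
    """Return (port, proto, name, note) rows for every listener, by port."""
    live, rows = listeners(text), []
    for proto, port in sorted(live, key=lambda s: (s[1], s[0])):
        name, transports = PAGE_PORTS.get(port, ("?", ""))
        ssl = SSL_VARIANT.get(port)
        if proto not in transports:
            note = "not in the table"
        elif ssl:
            state = "also open" if ("TCP", ssl) in live else "not open"
            note = "cleartext; SSL port %d %s" % (ssl, state)
        else:
            note = "listed"
        rows.append((port, proto, name, note))
    return rows
```

On the sample, HTTP on 80 is reported as cleartext with no listener on 443, which on a mail server means web mail is reachable without SSL.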

Some Full Forms

1. DNS- Domain Name System
2. DHCP- Dynamic Host Configuration Protocol
3. FTP- File Transfer Protocol
4. TFTP- Trivial File Transfer Protocol
5. HTTP- Hyper Text Transfer Protocol
6. Telnet- Telephony Network
7. SMTP- Simple Mail Transfer Protocol
8. POP- Post Office Protocol
9. IMAP- Internet Message Access Protocol
10. NetBIOS- Network Basic Input/Output System
11. TCP- Transmission Control Protocol
12. UDP- User Datagram Protocol
13. IP- Internet Protocol
14. ICMP- Internet Control Message Protocol
15. ARP- Address Resolution Protocol
16. RARP- Reverse Address Resolution Protocol
17. HDLC- High-level Data Link Control Protocol
18. SDLC- Synchronous Data Link Control Protocol

Few Run Commands

Commands Description

1. Gpedit.msc - To open Group Policy

2. Services.msc - To open Service

3. Regedit - To open registry setting

4. Msconfig - To open System Configuration Utility

5. Mstsc - To open Remote Desktop Service

6. \\IP - To access network pc

7. \\IP\C$ (Drive letter) - To access unshared drive of a network pc

8. net user username password /add - To add a Limited User Account

9. net user username * - To reset password

10. Dcpromo - To install/uninstall Active Directory in Server

11. dcpromo /forceremoval - To uninstall Active Directory in Server

12. Dsa.msc - To open Active Directory

13. net send * Hello (your message) - To send message to another PC

14. tscc.msc - To Open terminal Services

15. Convert Drive Letter /fs:ntfs - To convert file system to NTFS format

16. Ntbackup - To run Backup utility

17. ipconfig /flushdns - To clear cache memory

18. nslookup - It helps to check IP to host name or vice versa.

19. Gpupdate - To refresh Group Policy

20. Appwiz.cpl - To Open Add Remove Program

21. Taskmgr - To Open Task Manager

22. Winver - To Check Windows Version
