MCSE
(Microsoft Certified System Engineer)
--------x--------
1. Start your PC.
2. Enter the BIOS (by pressing F1, F2, F3, DEL, ESC, etc., according to the supplier).
Or we can see the BIOS entry key on the startup screen.
3. Go to Boot & set the Boot Device Priority:
1st Boot Device - CD-ROM
2nd Boot Device - HDD (Hard Disk)
3rd Boot Device - Any
& save the settings & exit.
4. Insert the XP CD into the CD-ROM drive & restart the computer.
5. Press any key when the "Press any key to boot from CD" prompt appears on screen.
6. Next you'll get the option to Repair or Enter Setup. Press Enter.
7. Press F8 to agree with the License.
8. Setup will scan for a previous Windows installation.
9. Choose the location to install:
a) If this is a clean hard drive, you can choose to create a partition in the un-partitioned space. At this point you can allow Setup to use all the space or set a size for the partition.
b) If the partitions are already made, then select a partition to install to.
10. Choose the file system from the screen. Press Enter to continue.
11. Setup will show a progress box & reboot when file copying is complete.
12. After restarting, when you see "Press any key to boot from CD", do not press any key.
13. From this point you will follow the screen prompts.
14. Enter your Name & Organization.
15. Enter the Product Key.
16. Choose a name for your computer.
17. Choose your Time, Date & Time Zone.
18. Setup will scan for a network.
19. If one is detected, you can choose typical configuration or custom configuration. Choose typical if you are unsure.
20. Choose your workgroup.
21. Setup will continue & reboot after it finishes; ignore "Press any key to boot from CD".
22. You will see a change display settings prompt; click Yes to accept the settings.
23. Your XP is installed; follow the few remaining prompts.
1. Insert the Windows XP CD.
2. Browse the CD & run Setup.
3. Click on Install Windows XP.
4. When the window appears, set the installation type to Upgrade.
5. Accept the license & enter the product key.
6. Follow the instructions.
In this installation we create an answer file which is used while installing Operating System. So there is no
need to attend the installation process after running setup.
Steps for unattended installation
BOOT.INI
It's a Notepad (text) file which holds two pieces of information:
1. Time out
2. Default Operating System to Load
If for any reason your computer is not booting up & shows "NTLDR file missing or corrupted or compressed", you can copy the NTLDR file from the Recovery Console.
To Copy file
10. Copy ntldr c:\
11. Copy ntdetect.com c:\
To decompress
12. c:\attrib -C ntldr
13. Exit
* C:\>ATTRIB -H C:\BOOT.INI
* C:\>ATTRIB -R C:\BOOT.INI
* C:\>ATTRIB -S C:\BOOT.INI
This process will again take some time as it checks the disk status. Note that it can take up to 30 minutes or more on slower machines.
Once the check disk process is complete, finish the whole process by typing FIXBOOT and pressing Enter.
You will be given a prompt that reads "Sure you want to write a new boot sector to the partition C: ?"
Simply type Y for yes. Once done, type exit to restart your PC. You will now be able to boot normally into Windows XP.
[Note: If the computer keeps restarting, it could be because of a missing or corrupted Boot.ini file.]
Sharing a folder: Go to the Properties of the folder you want to share → select Sharing → click on Share Folder → Apply
Note: if the option is not available, go to Control Panel → Administrative Tools → Local Security Policy → Local Policies → Security Options → set "Network access: Sharing & security model" from Guest to Classic → Apply → OK.
Read & Execute
  Folders: Permits viewing and listing of files and subfolders as well as executing of files; inherited by files and folders
  Files: Permits viewing and accessing of the file's contents as well as executing of the file
List Folder Contents
  Folders: Permits viewing and listing of files and subfolders as well as executing of files; inherited by folders only
  Files: N/A
Modify
  Folders: Permits reading and writing of files and subfolders; allows deletion of the folder
  Files: Permits reading and writing of the file; allows deletion of the file
Full Control
  Folders: Permits reading, writing, changing, and deleting of files and subfolders
  Files: Permits reading, writing, changing and deleting of the file
Note: If no Security page is shown, open My Computer → Tools → Folder Options → View → un-check the last option (Use simple file sharing).
Note: By default all drives of a computer are shared. You can access them with the path (\\IP\drive letter with $ sign).
19th Feb. 2009
1. Safe mode
The Safe mode option boots your computer with the minimum drivers required. In this mode you can disable any device driver, back up your data, etc.
7. Debugging Mode
If two computers are connected with serial cable by com port, it will display boot info in another
computer.
23rd Feb. 2009
Steps to install
Start → Settings → Control Panel → Add Hardware → Add a new hardware device → Select Advanced → Select Network Adapters → Select Microsoft Loopback Adapter → Finish
Steps to uninstall
Go to Device Manager → Expand Network Adapters → Right-click on Loopback Adapter → Uninstall.
Hardware Profile
You can create hardware profiles with different hardware settings. It's mostly useful for laptops. It lets you choose a hardware profile during system startup. You can create many hardware profiles.
[i.e. if you have more than one LAN card you can enable one LAN card in each profile.]
Printers
There are four types of printers
1. Local printer
2. Share printer
3. Network printer
4. Internet printing (Window Server)
(1) Local Printer: A printer directly attached to a computer (either on an LPT port, COM port, or USB port) is called a local printer.
Installation: Start → Printers & Faxes → Add Printer → Select local printer → Select port → Select manufacturer & printer model → Printer name (any) → Share name → Location (physical) (optional) → Finish
(2) Share Printer: A printer that is attached to another computer & is shared with other computers is called a share printer.
Installation:
Start → Printers & Faxes → Add Printer → Select A Network Printer → Browse or \\IP of print server\printer name (Name or IP) → Finish
(4) Internet Printing: You can enable internet printing in Windows Server 2003. You can use your Web
browser to connect to shared printers on a print server that is running Microsoft Internet Information
Services (IIS). Printing is implemented by way of the Internet Print Protocol (IPP), which is encapsulated in
the Hypertext Transfer Protocol (HTTP). By typing the Uniform Resource Locator (URL) of a remote printer
in the Address bar of your browser, you can connect to, and print from the printer in the same way as if it
were attached to your own computer.
You can view a Web page on which all printers on a print server are listed, or a page that is specific to the
printer to which you want to connect.
Printer Pooling: If you have more than one printer of the same manufacturer & same model then you can enable printer pooling. If you are pooling printers, make sure that all the printers are kept in the same location, or else you will not be able to find which printer has printed your document.
Enable Printer Pooling
Go to Printer Properties → Ports → Check Enable Printer Pooling → Check both printer ports → OK
Priority: If there is a long waiting queue of print jobs & you want to give priority to a user, you can configure printer priority. As soon as the printer finishes the current job, it will take the high-priority print job at the 2nd instance.
Enable Printer Priority
Install a printer twice → Go to Printer Properties → Advanced → Set priority
Spooling: (Simultaneous Peripheral Operations On-Line) the overlapping of low-speed operations with normal
processing. Spooling originated with mainframes in order to optimize slow operations such as reading cards
and printing. Card input was read onto disk and printer output was stored on disk. In that way, the business
data processing was performed at high speed, receiving input from disk and sending output to disk.
Subsequently, spooling is used to buffer data for the printer as well as remote batch terminals.
Note: Administrator can also manage internet printer through Internet Explorer
[http://IP of print Server/printers]
Basic Disk:
A disk initialized for basic storage is called a basic disk. When we install operating system by default our disk is
Basic Disk. A basic disk contains basic volumes, such as
1. Primary partitions,
2. Extended partitions,
3. Logical drives.
Primary partition is the first division of a hard disk drive. The primary partition is often the only one on the
disk, and it occupies the entire disk volume. If there are multiple partitions, the primary partition is the one
that holds the operating system and has to be made "active" in order to do so. We can make maximum 4
primary partitions on a disk.
Extended Partition: If we need more than four partitions then we need to make at least one extended partition. This extended partition is used to make more partitions. The extended partition works as a boundary for logical drives.
Logical Drives: We can create many logical drives inside an extended partition. We can create logical drives up to Z, and then we can create many mounted drives on any folder or drive.
To Create Partition
Go to My Computer → Right-click → Manage → Disk Management → Right-click on the partition & follow the instructions
Dynamic Disk:
Dynamic storage is supported in Windows XP Professional, Windows 2000 and Windows Server 2003. A disk
initialized for dynamic storage is called a dynamic disk. A dynamic disk contains dynamic volumes, such as:
1. Simple volumes,
2. Spanned volumes,
3. Striped volumes, (RAID 0)
4. Mirrored volumes, (RAID 1)
5. RAID-5 volumes. (Striped with Parity)
R - Redundant
A - Array of
I - Inexpensive/Independent
D - Disk
A basic disk doesn't support the above features. We can convert a basic disk into a dynamic disk at any time without data loss. But to convert a dynamic disk into a basic disk we need to format the whole hard disk, so back up your data before converting.
When we convert a basic disk into a dynamic disk, all primary partitions & logical partitions change to simple volumes & the free space of the extended partition becomes unallocated. With dynamic storage, you can perform disk and volume management without the need to restart Windows.
1) Simple Volume: It's similar to a primary partition, but you can extend the size of a simple volume without data loss. But you can't reduce the size of the volume. If you extend it from the same hard disk it remains a simple volume, but if you extend it from a different HDD it becomes a spanned volume.
2) Spanned Volume: You can create a single volume containing the space of multiple HDDs. It means you can create a 160 GB volume by using two HDDs of 80 GB.
You can use Min - 2 HDD
Max - 32 HDD
3) Striped Volume: You can create a single volume using multiple HDDs. It takes an equal size from all disks and saves data in 64 KB pieces across all HDDs in a scattered way. It enhances the volume's read & write performance. It provides no fault tolerance. If any disk crashes, all your data will become inaccessible.
You can use Min - 2 HDD
Max - 32 HDD
4) Mirrored Volume: It takes two hard disks. It saves the same data on both disks. It means it automatically copies data to the second HDD. Here an 80 GB volume will take two HDDs of 80 GB.
5) RAID 5: It combines the features of striped & mirrored volumes. It also saves data in 64 KB pieces like a striped volume. It also saves parity (compressed form of data) on another disk. For a 160 GB volume you will require three HDDs of 80 GB each.
Note: Dynamic disks are not supported on portable computers or on Windows XP Home Edition-based computers. Dynamic disks also do not support dual booting & multi-booting.
There are some built-in groups which have special authority on the computer, such as
1. Administrator group
2. Backup operators
3. Guest
4. Network configuration operator
5. Performance log users.
6. Performance monitor users
7. Power users
8. Print operators
9. Remote desktop users
10. Replicator
11. Users
12. IIS_WPG
13. Terminal Server Computer
To create a group of users at one shot: create a Notepad file & type the commands (type net user name password /add for each user) to create as many users as you want, save the file with a .bat extension & run it.
Creating a group
Go to My Computer → Manage → Local Users & Groups → Right-click → New Group → Give name & password → Apply
[Note: If you have disabled the Administrator a/c & logged off & there is no other administrator a/c, then restart your computer, go into safe mode with command prompt & type: net user administrator password /active:yes]
Domain
Domain is a group of users & computers defined by the administrator with the common rule & procedure.
Domain has a DNS (Domain Name System) Name such as:
Microsoft.com
Google.com
Vikas.com
When a computer joins a domain, it keeps its own local users & groups and can also log on to the domain.
Domain Controller
It is a computer running Windows Server 2003 on which the Active Directory service is installed. A Domain Controller is used to manage domain objects such as users & computers centrally.
Active Directory
It is a directory service which is installed to configure Windows Server 2003 as a domain controller. It also defines the domain's DNS name. It holds information on all domain objects like users & computers.
To Create Domain
1. Install Windows Server 2003 in a computer.
2. Install Active Directory Service in Win Server 2003.
3. Create all users a/c in Active Directory.
4. Join all client computers to domain.
5. Windows Server 2003 Active Directory doesn't support Windows 95 & Windows NT 4.0 Service Pack 3 or earlier.
Requirement:
A) Windows Server 2003 must be installed.
B) LAN Card device & driver must be installed.
C) IP Address must be configured
D) LAN card must be connected to a switch & must be activated.
[To view the joined computer in domain go to active directory users & computer & click on Computer]
Login to a domain
There are two ways to log in to a domain.
A) By NetBIOS Name
B) By Domain DNS Name
By NetBIOS Name: you need to type just the NetBIOS name & password.
By Domain DNS Name: you need to type the user name together with the domain name, & the password.
Go to Control Panel → Administrative Tools → Services → Open Alerter → Set Startup type to Automatic → Click the Start button → OK (similarly enable the Messenger service)
Or
Go to Run → Type services.msc → Open Alerter → Set Startup type to Automatic → Click the Start button → OK (similarly enable the Messenger service)
Note: The * sign in net send * Hello (your message) will send your message to all computers at once. If you want to send your message to only one PC, use its IP address or computer name instead of *.
Password Policy
Go to Start → Programs → Administrative Tools → Domain Controller Security Policy → Open Account Policies → Open Password Policy: you will find six password policies
1. Minimum Password length: This security setting determines the least number of characters that a
password for a user account may contain. You can set a value of between 1 and 14 characters, or you
can establish that no password is required by setting the number of characters to 0.
2. Password must meet complexity requirement: If this policy is enabled, passwords must meet the
following minimum requirements when they are changed or created:
1 Password should not contain significant portions of the user's account name or full name
2 Password should be at least six characters in length
3 Password should Contain characters from three of the following four categories:
a) English uppercase characters (A through Z)
b) English lowercase characters (a through z)
c) Base 10 digits (0 through 9)
d) Non-alphabetic characters (for example, !, $, #, %)
3. Minimum Password Age: This security setting determines the period of time (in days) that a
password must be used before the user can change it. You can set a value between 1 and 998 days,
or you can allow changes immediately by setting the number of days to 0.
4. Maximum Password Age: This security setting determines the period of time (in days) that a
password can be used before the system requires the user to change it. You can set passwords to
expire after a number of days between 1 and 999, or you can specify that passwords never expire by
setting the number of days to 0. If the maximum password age is between 1 and 999 days, the
Minimum password age must be less than the maximum password age. If the maximum password
age is set to 0, the minimum password age can be any value between 0 and 998 days.
Default: 42 days
6. Store Password Using Reversible Encryption: This security setting determines whether the operating system stores passwords using reversible encryption or not.
If you enable this setting, it is just like saving your passwords in plain text, so make sure that this setting is set to Disabled.
Default: Disabled
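The rules listed above can be expressed as two checks: one on a candidate password and one on the policy values themselves. This is an added example, not part of the original notes; the function names, the dictionary keys, and the reading of "significant portion" as the account name or any full-name part of three or more characters are assumptions of the example.

```python
import re

# Separators assumed to split a full name into parts (assumption of this example).
NAME_SEPARATORS = r"[,.\-_ #\t]+"


def complexity_problems(password, account_name, full_name=""):
    """Return the complexity rules a new password breaks (empty list = accepted)."""
    problems = []
    if len(password) < 6:
        problems.append("shorter than six characters")
    categories = [
        any("A" <= c <= "Z" for c in password),                  # a) uppercase
        any("a" <= c <= "z" for c in password),                  # b) lowercase
        any("0" <= c <= "9" for c in password),                  # c) base 10 digits
        any(c.isascii() and not c.isalnum() for c in password),  # d) non-alphabetic
    ]
    if sum(categories) < 3:
        problems.append("fewer than three of the four character categories")
    # "Significant portion" is modelled as the account name, or any part of the
    # full name, that is at least three characters long (assumption).
    parts = {account_name.lower()}
    parts |= {p.lower() for p in re.split(NAME_SEPARATORS, full_name)}
    for part in sorted(parts):
        if len(part) >= 3 and part in password.lower():
            problems.append(f"contains the name part '{part}'")
    return problems


def policy_findings(policy):
    """Check policy values against the ranges and cautions given in the notes."""
    findings = []
    length = policy["min_length"]
    min_age, max_age = policy["min_age_days"], policy["max_age_days"]
    if not 0 <= length <= 14:
        findings.append("minimum length outside 0-14")
    elif length == 0:
        findings.append("minimum length 0: no password is required")
    if not 0 <= min_age <= 998:
        findings.append("minimum age outside 0-998 days")
    if not 0 <= max_age <= 999:
        findings.append("maximum age outside 0-999 days")
    elif max_age != 0 and min_age >= max_age:
        findings.append("minimum age must be less than maximum age")
    if policy["reversible_encryption"]:
        findings.append("reversible encryption enabled: like storing plain text")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    print(complexity_problems("vikas123", "vikas", "Vikas Kumar"))
    print(complexity_problems("Summer#2009", "vikas", "Vikas Kumar"))
    weak = {"min_length": 0, "min_age_days": 30, "max_age_days": 30,
            "reversible_encryption": True}
    print(policy_findings(weak))
```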
Home Folder
A home folder makes it easier for an administrator to back up users' files & manage user a/c by collecting the users' files in one location. If you assign a home folder to a user, you can store the user's data in a central location on a server, making backup & recovery of data easier & more reliable.
One more advantage of a home folder is that wherever the user logs in, the user is able to access his home folder (his saved files, etc.), which is assigned by the server administrator.
A Local User Profile is located in the Documents & Settings folder on the local computer. When a user logs on to the local computer for the 1st time, a subfolder matching their username is created under the Documents & Settings folder, which is located on the Windows drive (C drive). In this subfolder the user's profile & a hidden system file (ntuser.dat) are also created.
When a user logs on to the computer, the ntuser.dat file is loaded; this contains the user's preferences & settings. Any changes to the user's settings or preferences are saved back to the ntuser.dat file when the user logs off the computer.
A Roaming User Profile can be created when a user accesses more than one PC or moves around the network, to ensure that the user receives his or her user settings & preferences no matter where they log on. This user profile is created by the administrator in Active Directory by using the Profile tab in the user's properties.
When a user logs on using a roaming profile, a local profile also remains on the local machine; if the network is unavailable the next time the user logs on from that PC, the locally cached profile will be loaded. Changes to the local profile will not be saved back to the roaming profile.
Note: When a user logs on, the user's profile is fetched from the network, which creates network traffic & long logon times if the user saves large files to their desktop or to their My Documents folder.
A Mandatory User Profile is used when the administrator wants no changes to users' settings & preferences by any user. This is a fixed user profile which cannot be modified or changed; if the user still makes changes to his/her profile, all the changes will be lost when the user logs off, and the next time the user logs in all settings will be reset to the mandatory user profile.
Note: The ntuser.dat file is a hidden system file by default. To see it, go to Folder Options → View → uncheck Hide protected operating system files.
Note: To make more than one application available in Terminal Services, we'll need one LAN card for each application.
[Note: Install Terminal Services, then install the application that you want to configure in Terminal Services]
To enable it
Go to any drive (on which you want to set a quota) → Properties → Check Enable quota management → Check Deny disk space to users exceeding quota limit → Check Limit disk space to & set limits → Apply → OK
Quota Entries
Go to any drive (on which you want to set a quota) → Properties → Quota → Quota Entries → Click on Quota → New Quota Entry → Advanced → Find Now → Select users → OK → Set limit → OK → Apply → OK
You can run many web sites with different IP addresses or different port numbers.
By default a web server uses the HTTP protocol on port no. 80/tcp.
Right-click your new web site → Properties → Documents → Add → Type your HTML file name → OK → Move Up → Apply → OK.
From your client computer open Internet Explorer & browse: http://IP or http://Domain name
[Note: to see port numbers with protocols: c:\windows\system32\drivers\etc, open this file with Notepad]
From your client computer open Internet Explorer & browse: ftp://IP or http://Domain name
Backup Types
There are five different types of backups and each type of backup handle data in slightly different way.
1. Normal
2. Incremental
3. Differential
4. Copy
5. Daily
Normal backup copies all the files you select and marks each file as having been backed up (in other words,
the archive attribute is cleared). With normal backups, you only need the most recent copy of the backup file
to restore all of the files. You usually perform a normal backup the first time you create a backup set.
Incremental backup backs up only those files that have been created or changed since the last normal or
incremental backup. It marks files as having been backed up (in other words, the archive attribute is cleared).
If you use a combination of normal and incremental backups, you will need to have the last normal backup set
as well as all incremental backup sets to restore your data.
Backing up your data using a combination of normal backups and incremental backups requires the least
amount of storage space and is the quickest backup method. However, recovering files can be time-consuming
and difficult because the backup set might be stored on several disks
Differential backup copies files that have been created or changed since the last normal or incremental
backup. It does not mark files as having been backed up (in other words, the archive attribute is not cleared).
If you are performing a combination of normal and differential backups, restoring files and folders requires
that you have the last normal as well as the last differential backup.
Backing up your data using a combination of normal backups and differential backups is more time-
consuming, especially if your data changes frequently, but it is easier to restore the data because the backup
set is usually stored on only a few disks
Copy backup copies all the files you select, but does not mark each file as having been backed up (in other
words, the archive attribute is not cleared). Copying is useful if you want to back up files between normal and
incremental backups because copying does not affect these other backup operations.
Daily backup copies all the files that you select that have been modified on the day the daily backup is
performed. The backed-up files are not marked as having been backed up (in other words, the archive
attribute is not cleared).
(Note: Normal & Incremental backups clear the archive attribute after backup, whereas Differential, Copy & Daily backups don't clear it.)
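The archive-attribute behaviour of the five backup types, and the restore sets each schedule needs, can be traced with a small simulation. This is an added example, not part of the original notes; the file names, the day numbers and the change pattern are constructed, and all function names are assumptions of the example.

```python
from dataclasses import dataclass


@dataclass
class File:
    name: str
    modified_day: int
    archive: bool = True  # set whenever a file is created or changed


# Which backup types clear the archive attribute, as stated in the notes.
CLEARS_ARCHIVE = {"normal": True, "incremental": True,
                  "differential": False, "copy": False, "daily": False}


def run_backup(files, kind, today):
    """Return the sorted names this backup copies and update archive attributes."""
    if kind in ("normal", "copy"):
        selected = list(files)
    elif kind in ("incremental", "differential"):
        selected = [f for f in files if f.archive]
    elif kind == "daily":
        selected = [f for f in files if f.modified_day == today]
    else:
        raise ValueError(f"unknown backup type: {kind}")
    if CLEARS_ARCHIVE[kind]:
        for f in selected:
            f.archive = False
    return sorted(f.name for f in selected)


def touch(files, name, day):
    """Create or modify a file, which sets its archive attribute."""
    for f in files:
        if f.name == name:
            f.modified_day, f.archive = day, True
            return
    files.append(File(name, day))


def simulate(kind_after_normal):
    """Normal backup on day 1, then the given type on days 2-4 (constructed data)."""
    files = [File("a.doc", 0), File("b.xls", 0), File("c.txt", 0)]
    history = [(1, "normal", run_backup(files, "normal", 1))]
    changes = {2: ["a.doc"], 3: ["b.xls"], 4: ["d.ppt"]}
    for day in (2, 3, 4):
        for name in changes[day]:
            touch(files, name, day)
        history.append((day, kind_after_normal,
                        run_backup(files, kind_after_normal, day)))
    return history


def sets_needed_for_restore(history):
    """Last normal set plus every incremental, or plus only the last differential."""
    last_normal = max(i for i, h in enumerate(history) if h[1] == "normal")
    later = history[last_normal + 1:]
    needed = [history[last_normal]]
    needed += [h for h in later if h[1] == "incremental"]
    differentials = [h for h in later if h[1] == "differential"]
    if differentials:
        needed.append(differentials[-1])
    return [(day, kind) for day, kind, _ in needed]


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        history = simulate(kind)
        print(kind, [names for _, _, names in history])
        print("  restore needs:", sets_needed_for_restore(history))
```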
To Backup Data
Start → Run → ntbackup → Select Backup files & settings → Select Let me choose what to back up → Select file or folder → Select name & location to save the backup → Click Advanced to choose the backup type → Select a schedule if you want → Finish
TCP/IP Overview
TCP/IP is a protocol suite. On the Internet nowadays we use the TCP/IP protocol suite.
There are other protocol suites too, like:
1. IPX/SPX
2. AppleTalk
3. NetBIOS/NetBEUI
Microsoft also uses the TCP/IP protocol suite in its operating systems.
There are various protocols in the TCP/IP protocol suite.
         Network                               Host
Class A  126                                   2^24 - 2 = 16,777,214
Class B  (191-127) x 256 = 16,384              2^16 - 2 = 65,534
Class C  (223-191) x 256 x 256 = 2,097,152     2^8 - 2 = 254
Binary
Computers are based on the binary numbering system, which consists of just two unique numbers, 0 and 1.
128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 =255
Examples:
By following the above equation
0 0 0 0 0 0 0 0 = 0
0 0 0 0 0 0 0 1 = 1
0 0 0 0 0 0 1 1 = 3
0 0 0 0 0 1 1 1 = 7
0 0 0 0 1 1 1 1 = 15
0 0 0 1 1 1 1 1 = 31
0 0 1 1 1 1 1 1 = 63
0 1 1 1 1 1 1 1 = 127
1 1 1 1 1 1 1 1 = 255
Or
1 0 0 0 0 0 0 0 = 128
1 1 0 0 0 0 0 0 = 192
1 1 1 0 0 0 0 0 = 224
1 1 1 1 0 0 0 0 = 240
1 1 1 1 1 0 0 0 = 248
1 1 1 1 1 1 0 0 = 252
1 1 1 1 1 1 1 0 = 254
1 1 1 1 1 1 1 1 = 255
1 1 0 0 1 0 0 = 100
Explanation: 64 32 0 0 4 0 0 = 100
A CIDR IP address looks like a normal IP address except that it ends with a slash followed by a number, called
the IP network prefix. For example: 192.168.0.0/24
{/24 denotes the total number of bits used in the subnet mask, e.g. 255.255.255.0 = /24}
Class C
SM: (255.255.255.0) or /24
Range: 192.168.0.0 to 192.168.0.255
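The bit weights, the class table and the /24 example above fit together as follows. This is an added example, not part of the original notes; it builds the mask from the prefix using the 128..1 weights and uses Python's standard ipaddress module for the range, and the function names are assumptions of the example.

```python
import ipaddress

# Value of each bit position in an octet, as in the binary section above.
WEIGHTS = (128, 64, 32, 16, 8, 4, 2, 1)


def octet_to_bits(value):
    """Write one octet (0-255) as eight space-separated bits."""
    return " ".join("1" if value & w else "0" for w in WEIGHTS)


def prefix_to_mask(prefix):
    """Turn a CIDR prefix length (0-32) into a dotted subnet mask."""
    octets = []
    for i in range(4):
        ones = min(8, max(0, prefix - 8 * i))  # mask bits that fall in this octet
        octets.append(sum(WEIGHTS[:ones]))
    return ".".join(str(o) for o in octets)


def address_class(first_octet):
    """Classful class from the first octet, using the ranges in the table above."""
    if 1 <= first_octet <= 126:
        return "A"
    if 128 <= first_octet <= 191:
        return "B"
    if 192 <= first_octet <= 223:
        return "C"
    return "other"


def describe(cidr):
    """Summarise a CIDR block: class, mask, address range and usable hosts."""
    net = ipaddress.ip_network(cidr, strict=True)
    host_bits = 32 - net.prefixlen
    return {
        "class": address_class(int(str(net.network_address).split(".")[0])),
        "mask": prefix_to_mask(net.prefixlen),
        "range": (str(net.network_address), str(net.broadcast_address)),
        # 2^n - 2: the network and broadcast addresses are not assigned to hosts
        "usable_hosts": max(2 ** host_bits - 2, 0),
    }


if __name__ == "__main__":
    print(octet_to_bits(100))
    for block in ("10.0.0.0/8", "172.16.0.0/16", "192.168.0.0/24"):
        print(block, describe(block))
```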
Scope is a valid range of IP addresses which are available for assignments or lease to client computers on a
particular subnet. In a DHCP server, you configure a scope to determine the address pool of IPs which the
server can provide to DHCP clients
Super Scope can be used to combine two or more scopes, each serving different subnets, and can make the
administration of several scopes on a Windows Server 2003 DHCP Server more manageable.
DHCP Reservation
You can bind any IP address from the scope's range to any computer's MAC address.
80/20 Rule
For availability we can configure two DHCP servers. In this case, for any network, 80% of the IP addresses are configured on one DHCP server & the remaining 20% on the other DHCP server.
2. The client is offered an address when a DHCP server responds with a DHCPOffer message containing an IP
address and configuration information for lease to the client.
3. The client indicates acceptance of the offer by selecting the offered address and replying to the server
with a DHCPRequest message.
4. The client is assigned the address and the DHCP server sends a DHCPAck message, approving the lease.
Other DHCP option information might be included in the message.
5. Once the client receives acknowledgment, it configures its TCP/IP properties using any DHCP option
information in the reply, and joins the network.
In rare cases, a DHCP server might return a negative acknowledgment to the client. This can happen if a client requests an invalid or duplicate address. If a client receives a negative acknowledgment (DHCPNak), the client must begin the entire lease process again.
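The scope, reservation, 80/20 rule and lease exchange described above can be modelled in a few lines. This is an added example, not part of the original notes; it is a simplified in-memory model with no real network traffic, the addresses and MAC strings are constructed, and the class and function names are assumptions of the example.

```python
from ipaddress import IPv4Address


def split_80_20(first, last):
    """Split one address range between two DHCP servers per the 80/20 rule."""
    start, end = int(IPv4Address(first)), int(IPv4Address(last))
    cut = start + (end - start + 1) * 80 // 100  # first address of the 20% share
    return ((str(IPv4Address(start)), str(IPv4Address(cut - 1))),
            (str(IPv4Address(cut)), str(IPv4Address(end))))


class DhcpServer:
    def __init__(self, first, last, reservations=None):
        start, end = int(IPv4Address(first)), int(IPv4Address(last))
        self.scope = [IPv4Address(n) for n in range(start, end + 1)]
        # Reservation: an address from the scope bound to one MAC address.
        self.reservations = {mac: IPv4Address(ip)
                             for mac, ip in (reservations or {}).items()}
        self.leases = {}  # address -> MAC currently holding it

    def _usable_by(self, mac, ip):
        if ip not in self.scope:                 # invalid address
            return False
        if self.leases.get(ip, mac) != mac:      # duplicate: leased to another client
            return False
        owners = [m for m, r in self.reservations.items() if r == ip]
        return not owners or owners == [mac]     # reserved for somebody else?

    def offer(self, mac):
        """Pick the address to put in a DHCPOffer, or None if the scope is used up."""
        reserved = [self.reservations[mac]] if mac in self.reservations else []
        held = [ip for ip, owner in self.leases.items() if owner == mac]
        for ip in reserved + held + self.scope:
            if self._usable_by(mac, ip):
                return ip
        return None

    def request(self, mac, ip):
        """Answer a DHCPRequest with DHCPAck (lease recorded) or DHCPNak."""
        ip = IPv4Address(ip)
        if not self._usable_by(mac, ip):
            return "DHCPNak"
        self.leases[ip] = mac
        return "DHCPAck"


def obtain_lease(server, mac, remembered_ip=None):
    """Run the lease process for one client; return (address, message transcript)."""
    transcript = []
    if remembered_ip is not None:  # client asks for an address it used before
        transcript.append(f"DHCPRequest {remembered_ip}")
        reply = server.request(mac, remembered_ip)
        transcript.append(reply)
        if reply == "DHCPAck":
            return str(IPv4Address(remembered_ip)), transcript
        # Negative acknowledgment: begin the entire lease process again.
    transcript.append("DHCPDiscover")
    offered = server.offer(mac)
    if offered is None:
        return None, transcript
    transcript += [f"DHCPOffer {offered}", f"DHCPRequest {offered}"]
    reply = server.request(mac, offered)
    transcript.append(reply)
    return (str(offered) if reply == "DHCPAck" else None), transcript


if __name__ == "__main__":
    print(split_80_20("192.168.0.1", "192.168.0.100"))
    server = DhcpServer("192.168.0.10", "192.168.0.12",
                        {"00-11-22-33-44-55": "192.168.0.11"})  # constructed values
    print(obtain_lease(server, "AA-AA-AA-AA-AA-AA"))
    print(obtain_lease(server, "BB-BB-BB-BB-BB-BB", remembered_ip="192.168.0.10"))
```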
DNS Server
DNS (Domain Name System) is a database system that translates a computer's fully qualified domain name
(FQDN) into an IP address. DNS Server works on Port no. 53 TCP/UDP
FQDN
A computer's host name & domain name together are called its FQDN.
For example: Computer host name: Vikas
Domain name: IBM.com
FQDN: Vikas.IBM.com
The use of DNS on the Internet is to resolve Internet domain names to IP addresses.
For example: www.google.com to 209.89.153.104
The use of DNS in any company is to resolve domain names to IP addresses.
The Active Directory service requires a DNS server for communication between domain controllers. It uses SRV records (service records).
2 Recursive Queries
In recursive queries, the DNS server resolves the query from its own database; if it doesn't have the required information, it contacts another name server (called a forwarder) & passes the information on itself.
Root Hints
A DNS server contains a list of preliminary resource records (root hints) that can be used by the DNS service to
locate other DNS servers that are authoritative for the root of the DNS domain. The root hints are stored in
the file CACHE.DNS, located in the systemroot\System32\Dns folder.
Forward Lookup Zone is a zone in a DNS server which resolves a computer's FQDN to its IP address.
Forward & Reverse Lookup Zone is a zone in a DNS server which resolves both a computer's FQDN to its IP & its IP to its FQDN.
Primary Zone: The DNS server is authoritative for a primary zone. We can create records in a primary zone.
Secondary Zone: It is a zone of another DNS server's primary zone. It is used for load balancing. We can't create records in a secondary zone.
Stub zone: It is also a zone of another DNS server. A stub zone is a copy of a zone that contains only those
resource records which are necessary to identify the authoritative DNS Server for that zone. It keeps only
three types of records:
a. Name Server records (NS)
b. Host (A) records
c. Start of Authority resource (SOA)
Resource Records
1. Host (A) Records: Hold computer FQDN & IP records; used for the forward lookup zone.
2. Pointer (PTR) Records: Hold computer IP & host name records (used for the reverse lookup zone).
3. Mail exchanger (MX) Records: Used for mail server records.
4. Service (SRV) Records: Used for the Active Directory service. If the DNS server is installed on a domain controller then the zone is called an Active Directory integrated zone.
2. Cache Memory
To clear cache (repair or in cmd type ipconfig /flushdns)
3. DNS Server
(ipconfig /registerdns)
Go to Administrative Tools → Services & start the DHCP, DNS & Remote Installation services
A router is a layer-3 inter-network device which is used to communicate between two different networks. It routes packets to the destination network & selects the best path to the destination.
We can configure Windows Server 2003 as a router; however, there should be two LAN cards with different IP addresses in the server.
1. Go to Start → Programs → Administrative Tools → Routing & Remote Access → Right-click on the computer name → Select Configure & Enable Routing & Remote Access → Next → Custom Configuration → Select all → Next → Finish
2. Go to Routing & Remote Access → Expand the computer name → Expand IP Routing → Right-click on General → Select New Interface → Select one Local Area Connection → OK → Again right-click on General → Select New Interface → Select the second Local Area Connection → OK
3. Right-click General → New Routing Protocol → Select RIP Version 2 for Internet Protocol → OK
4. Right-click RIP (Routing Information Protocol) → Select New Interface → Select one Local Area Connection → OK → Again right-click on RIP → Select New Interface → Select the second Local Area Connection → OK
1. Go to Administrative Tools → Routing & Remote Access → Expand IP Routing → Right-click General → New Routing Protocol → Select DHCP Relay Agent → OK
2. Right-click DHCP Relay Agent → New Interface → Select the Local Area Connection of the second network → Right-click DHCP Relay Agent → Properties → Type the IP address of the DHCP server → Add → Apply → OK
IPsec ensures that two computers communicate according to IPsec policies. It encrypts the whole communication.
To open IPsec policies:
Start → Programs → Administrative Tools, or Start → Control Panel → Administrative Tools → Security Policies → IP Security Policies.
1. Go to Administrative Tools → Security Settings → Right-click IP Security Policies → Create IP Security Policy → Next → Name your security policy → Uncheck Activate the default response rule → Uncheck Edit properties → Finish
2. Right-click your new policy → Properties → Click Add in the Rules tab → Next → Next → Next → In the Authentication Method page use the key exchange → Click Add for a new filter → Again Add → Next → Set the source address of IP traffic to a specific IP subnet → Set network IP & subnet mask → Set the destination address of IP traffic to a specific IP subnet → Set network IP & subnet mask → Select protocol (optional) → Next → Finish → OK
3. Check your filter → Next → Select filter action: respond on the server & require on the client → Next → Finish → Apply → OK
4. Now right-click your policy & Assign
Note:
1. We can assign only one policy at a time.
2. Run gpupdate to refresh changes in group policies.
Windows Clustering
Network Load Balancing
For availability & scalability of a service we configure Network Load Balancing. In NLB (Network Load Balancing) we connect multiple servers physically to work as a single server logically. All nodes (computers) of NLB work on a single IP address (called the cluster IP address) & NLB generates a common MAC address for all nodes according to the cluster IP address. It provides service for all protocols & all port numbers. You can configure the protocol & port number. Generally we configure NLB for web servers, ISA (Internet Security Acceleration) Server, VPN servers & Terminal Servers.
The main advantages of network load balancing are:
1. Load balancing
2. Service availability
Note:
a) There should be a common database on all nodes so that all nodes can provide a common service.
b) We can add a maximum of 32 nodes in network load balancing.
1. NLB can be configured in all editions of Windows Server 2003, whereas a server cluster can be configured only in Enterprise Edition & Datacenter Edition.
2. You can add a maximum of 32 nodes in NLB, but a maximum of 8 nodes in a server cluster.
3. NLB load-balances TCP & UDP traffic, whereas a server cluster fails over & fails back applications.
4. For NLB no hardware is required, but for a server cluster you need a network storage device like SAN (Storage Area Network) or NAS (Network Area Storage).
5. We can configure NLB for web servers, ISA (Internet Security Acceleration) Server, VPN servers & Terminal Servers, but we configure a server cluster for Exchange Server, SQL Server & file & print servers.
For Encryption & Decryption, Certificate Services uses two types of keys:
1. Public Key is used to encrypt data
2. Private Key is used to decrypt data.
Note:
1. A computer never sends its private key over the network.
2. Every public key has its own corresponding private key, which alone can decrypt the data.
Note:
If the above URL doesn't open:
Go to IIS Manager - Web Service Extensions - Allow "Active Server Pages"
Note: If your existing certificate is incorrect then your site might not open.
27th April, 2009
Schema: The set of definitions for the universe of objects that can be stored in a directory. For each object class,
the schema defines which attributes an instance of the class must have & which additional attributes it can have.
i) Schema master: The schema master domain controller controls all updates and modifications to the
schema. To update the schema of a forest, you must have access to the schema master. There can be
only one schema master in the entire forest.
ii) Domain Naming Master: It controls the addition or removal of domains in the forest. There can be only
one domain naming master in the entire forest.
Global catalog server (GC server): It's a directory database that applications & clients can query to locate any
object in a forest. The GC contains a partial replica of every domain directory partition in the forest.
These roles must be unique in each domain. This means that each domain in the forest can have only one RID
master, PDC emulator master, and infrastructure master.
i) Relative ID (RID) master: The RID master allocates sequences of relative IDs (RIDs) to each of the various
domain controllers in its domain. At any time there can be only one domain controller acting as the RID
master in each domain in the forest.
Whenever a domain controller creates a user, group, or computer object, it assigns the object a unique
security ID (SID).
ii) PDC emulator master: The PDC emulator master acts as a Windows NT primary domain controller for
earlier versions of Windows (pre-Windows 2000) & backup domain controllers (BDCs). It processes password
changes from clients. It's also responsible for synchronizing the time on all domain controllers
throughout the domain. It supports two authentication protocols:
The Kerberos V5 protocol
The NTLM (New Technology LAN Manager) protocol
We can transfer & seize operations master roles from one DC to an ADC. We can also query about the
roles.
1. ntdsutil
2. At the ntdsutil command prompt type: roles
3. At the fsmo maintenance command prompt type: connections
4. At the server connections command prompt type: connect to server <domain controller>
5. At the server connections command prompt type: quit
To seize OMR
i) seize rid master
ii) seize pdc
iii) seize infrastructure master
iv) seize domain naming master
v) seize schema master
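Before transferring or seizing a role it helps to record which domain controller currently holds it, so the change can be confirmed afterwards. The batch file below is an added example, not part of the original notes; it assumes the dsquery and ntdsutil tools on Windows Server 2003 and a placeholder server name DC02.

```batch
@echo off
rem Added example, not from the original notes. DC02 is a placeholder server name.
set DC=DC02

rem Ask the directory which server holds each role.
rem schema / name are the forest-wide roles; infr / pdc / rid are the per-domain roles.
for %%R in (schema name infr pdc rid) do (
    echo --- %%R ---
    dsquery server -hasfsmo %%R
)

rem Ask one specific DC which role holders it knows about, through the same ntdsutil menus
rem as the steps above (roles, connections, connect to server, quit).
ntdsutil roles connections "connect to server %DC%" quit "select operation target" "list roles for connected server" quit quit quit
```

Running it again after the change shows whether the new holder is the one every domain controller reports.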
Go to Start - Program - Admin Tools - Active Directory Users & Computers - Right Click Domain Name -
Connect to Domain Controller - Select Another Domain Controller - Ok - Right Click Domain Name -
Operations Masters - Select Role - Change - Ok - Close
Go to Start - Program - Admin Tools - Active Directory Domains & Trusts - Right Click Active Directory
Domains & Trusts - Connect to Domain Controller - Select Another Domain Controller - Ok - Right Click
Active Directory Domains & Trusts - Operations Masters - Change - Ok - Close
2. Start - Run - mmc - File - Add/Remove Snap-in - Add - Select Active Directory Schema - Add - Close -
Ok - File - Save as - Type Name "AD Schema" (optional) - Save.
3. Start - Admin Tools - Open AD Schema - Right Click Active Directory Schema - Change Domain
Controller - Specify Name - Ok - Right Click Active Directory Schema - Operations Master - Ok - Close.
Go to Admin Tools - Active Directory Sites & Services - Expand Sites - Expand Default-First-Site-Name -
Expand Servers - Expand Domain Controller - Right Click NTDS Settings - Properties - Check Global
Catalog - Apply - Ok - Close
Normal restore
Start Computer in Safe mode - Select "Directory Service Restore mode" - Start - Run - ntbackup - Select
"Advanced Mode" - Select "Restore Wizard (Advanced)" - Next - Select Your AD Backup - Check "System State" -
Next - Advanced - Next - Ok - Next - Next - Finish
Primary restore
Start Computer in Safe mode - Select "Directory Service Restore mode" - Start - Run - ntbackup - Select
"Advanced Mode" - Select "Restore Wizard (Advanced)" - Next - Select Your AD Backup - Check "System State" -
Next - Advanced - Next - Ok - Next - Check "Restore Data as the primary data for all replicas" - Finish
Authoritative restore
1. Restore your backup normally as mentioned above
2. Before restarting the computer - Go to Run - Cmd - Type "ntdsutil" - Authoritative restore - Restore subtree
ou=OU_Name,dc=Domain_Name,dc=xxx - Quit - Quit - Restart
In other words, an organizational unit (OU) is a subdivision within Active Directory into which you can
place & manage users, groups, computers, and other organizational units, for example by branch location or
by company department.
An organizational unit is the smallest scope or unit to which you can assign Group Policy settings or delegate
administrative authority.
To Create an OU
Run dsa.msc - Right Click on Domain Name - Select New - Select Organizational Unit - Type OU Name
(Any) - Ok
To Move Users in OU
Go to Active Directory Users & Computers - Right Click on User - Select Move - Select OU - Ok
You can deploy software through group policy to any OU. Members of the OU can get their software installed on
any computer in the domain.
2. Run "dsa.msc" - Right Click "OU" - Properties - Group Policy - Click "New" - Select "New Group Policy
Object" - Edit - User Configuration - Expand "Software Setting" - Right Click on "Software Installation" -
New - Package - Go to the Shared folder - Select ".msi file" - Click "Open" - Select "Assign" - Ok
3. Right Click on "Software Installation" - Properties - Browse for shared folder - Click "Assign" - Apply - Ok -
Close
Note: There are two options "Publish" & "Assign" if you "Assign" software it will be displayed on "Start Menu"
in "All Program" & if you "Publish" software it will be displayed in "Control Panel" in "Add New Program"
1. To Create Site
a. Start - Program - Admin Tools - Active Directory Sites & Services - Expand "Site" - Rename "Default-first-
site-name"
2. Move DC
Expand Server - Right Click on DC name - Select "Move" - Select "Site" - Ok
b. To add New Link - Right Click on "IP" - New Site Link - Name it (e.g. Delhi-Chennai) - Add Site in Site Link -
Ok
There are two protocols for intersite transport, "IP" & "SMTP". If your WAN connection is persistent & reliable
then you'll create the site link under the "IP" protocol, & if your WAN connection is unreliable & the link goes up & down
frequently then you'll create the site link under the "SMTP" protocol.
For example: when two companies merge or one takes over the other, we have to create a trust
relationship between the two different forests so that they can access each other's resources.
Trust Type
Default Trusts
Other Trusts
1. Default Trust
Two default Trusts are created when you use active directory installation wizard.
2. Other Trusts
Four other types of trusts can be created using the New Trust Wizard or the Netdom command-line tool
Trust Transitivity
1. Transitive Trust: A transitive trust can be used to extend trust relationships with other domains.
2. Non-Transitive Trust: A non-transitive trust can be used to deny trust relationships with other domains.
To Delegate Control:
On Domain
Start - Program - Admin Tools - Active Directory Users & Computers - Right Click "Domain" - Delegate Control -
Next - Add "User or Group" - Next - Select Task to Delegate - Next - Finish
On Folder
Start - Program - Admin Tools - Active Directory Users & Computers - Right Click "Folder that you want to
control by other user & group" - Delegate Control - Next - Add "User or Group" - Next - Select Task to Delegate
- Next - Finish
LDAP
LDAP is the "Lightweight Directory Access Protocol". LDAP is a communication protocol designed for use on
TCP/IP networks. The LDAP standard is established by the IETF (Internet Engineering Task Force).
AD clients communicate with domain controllers using the LDAP protocol when:
Logging onto the network
Searching for shared resources
Accessing a domain controller & global catalog
E-mailing, etc.
2. Configuration Data contains the topology of the directory, such as the list of all domains, trees, forests, & the location of DCs
& Global Catalogs
3. Schema Data contains the definitions & attributes of all objects in Windows Server 2003. There is a default
schema that defines many object types, such as User & Computer accounts, Domains, OUs & Security Policies.
4. Application Data is also called the Application Directory Partition. It is not part of the directory data store.
It must be created, configured & managed. It is used where replication is not required on a global scale.
Exchange Server
Exchange Server is application software which is installed on Windows Server 2003 to configure
Windows Server 2003 as an e-mail server.
An e-mail server is used to send & receive e-mail from one client computer to another client computer in a LAN or
WAN.
In the market there are other email servers available such as:
a) Linux sendmail
b) Linux postfix
c) Linux exim
For e-mail client applications, Exchange supports many e-mail clients such as:
a) Outlook Express
b) Ms Office Outlook
c) Any Web Browser (IE, Firefox, Safari.. etc.)
d) Linux evolution
e) Linux mutt
f) IBM lotus notes
g) Novell GroupWise
2. Run dcdiag to test network connectivity & DNS resolution. To run this command, first you've to install
the support tools from the Support folder on the Windows Server CD. To run this command your account must
have domain administrator & local machine administrator permission.
CMD - dcdiag /f:<log file name>
If you are running this command tool from a member server, add this switch: dcdiag /s:<Domain Controller>
3. Run netdiag to test network connectivity. Your account must have local machine administrator
permission. The netdiag command sends output to the netdiag.log file.
4. Run forestprep to extend active directory schema. To run forestprep your account must have
following permissions
a) Enterprise administrator
b) Schema administrator
c) Domain administrator
d) Local machine administrator
You must run forestprep once in the forest in the domain where schema master resides.
5. Run domainprep to prepare domain for exchange 2003. Your account must have following permission:
a) Domain & Local machine administrator
It also creates the public folder proxy container. You must run domainprep once in each domain where
Exchange Server is to be installed & in any domain that has Exchange users.
Exchange requires a global catalog server where domainprep has been run.
Note: To Install Exchange Server 2003 your account must have full exchange administrator permission at
organization level & local machine administrator permission.
To Start Service:
Start - Run - Services.msc - Find above mentioned services - Properties - Set Startup Type "Automatic" -
Apply - Start - Ok.
To Restore Account
Open Outlook Express - Tools - Accounts - Import - Browse for backup file - Open - Close.
Public Folder
It is a folder of Exchange Server which is used as a notice board: e-mails are private & sent to a specific user,
but a public folder can be created & read by any user. However, you can configure permissions for a public folder
in Exchange Manager.
2. Start - Run - ntbackup - Advanced Mode - Restore Wizard - Next - Select Backup - Next - Select
restore to Exchange Server computer name - Type Temporary Location of log & patch file - Check
"Last restore set" - Next - Check "Preserve existing volume mount point" - Next - Finish.
1. Go to Start - Program - Exchange System Manager - Expand Server - Right Click Any "Exchange Server" -
New - Recovery Storage Group - Right Click "Recovery Storage Group" - Add Database to Group - Select
Mail box - Ok
3. Now again Open System Manager - Open "Recovery Storage Group" - Select "Restore Mail box" - Right
Click it - Mount - Finish
In Enterprise Edition by default there is first storage group created & inside this group there will be one "Mail
box Store" & one "Public Folder Store". You can create Maximum "Four" Storage Group & inside each of them
there can be maximum "Five" stores either "Mail Box" or "Public Folder" Store, so there will be total 20 Store.
Circular Logging
If you enable circular logging then Exchange Server will reuse old log files.
Note:
1. Every storage group has its own log file.
2. If you enable circular logging then you can't take incremental or differential backup.
3. If you take "Normal" or "Incremental" backup it will delete old log files.
To enable
Right Click Any Storage Group - Properties - Check "Enable Circular Logging" - Apply - Ok
2. Delivery Option
a) Send On Behalf (add other user to send messages on your behalf)
b) Forwarding Address (add other user to forward your incoming mail)
c) Recipients Limit (0 to 2097151 users) (to send message at a time as "CC")
3. Storage Limit
a) Clear "Use mail box store"
I. Issue warning at (Set space limit point to show warning)
II. Prohibit Send at (Set space limit point to stop sending messages)
III. Prohibit Send & Receive (Set space limit point to stop sending & receiving messages)
Process to Connect:
Start - Program - Microsoft Exchange - System Manager - Right Click "First Organization" - Internet mail Wizard
- Next - Next - Select Server Name - Next - Next - Next - Next - Next - Next - Next - "Outbound SMTP domain
Restriction" - Next - Next - Finish
To View: Open Connectors - "Internet mail SMTP Connectors" - Properties - Make Changes (If required) -
Apply - Ok
2. Native Mode
In Native Mode it'll support only "Exchange 2000 Server, & Exchange Server 2003". Some more
features are also enabled in Native Mode.
You can change operation mode from "Mixed" to "Native" but it is irreversible, we can't change "Native
Mode" to "Mixed Mode".
To Delegate Control
Start - Program - Microsoft Exchange - System Manager - Right Click "First Organization" - Delegate Control -
Next - Add User - Browse - Advance - Find Now - Select User - Ok - Ok - Select Role - Ok - Next - Finish
To view it:
Start - Program - Microsoft Exchange - System Manager - Expand Recipients - All Global Address List - Right
Click "Default Global Address List" - Properties - Preview.
To Create:
Start - Program - Microsoft Exchange - System Manager - Expand Recipients - All Global Address List - Right
Click - New - Global Address List - Type Name of List - Filter Rules - Check the Mentioned condition of recipient
Accordingly-Find Now - Select User - Ok - Finish
Commands Description
15. Convert Drive Letter /fs:ntfs - To format file system to ntfs format