Windows 2000 Server

1
Windows 2000 Server
Practicum Ac. J. 2002-2003 Prof. Koen De
Bosschere ir. Ronny Blomme
2
Doel van de oefening

• Configureren en beheren van een Windows 2000
  server
• File system partition, share,
• Accounts user, group,
• Security access rights, policy,

3
VMWare

• Virtuele PC, 128MB ram
• Non-persistent disk, 4GB Reset (of Power Off
  Power On) oefening herbeginnen. Windows2000
  shutdown oefening herbeginnen. Windows2000
  Restart is OK
• Network host only
• ltctrlgtltaltgtltdelgt in VMWare venster of via Power
  menu

4
Win2000 Edities

• Windows 2000 Professional
• vergelijk Windows NT Workstation
• Windows 2000 Server
• active directory services netwerkbeheer van
  gebruikers en andere middelen
• Windows 2000 Advanced Server
• high availability (clustering), scalability (smp
  8)
• Windows 2000 Datacenter Server
• load balancing, enhanced clustering

5
Domain/Workgroup
6
Active Directory

• Stored collection of information about objects
• Database of network objects
• Information related to network resources to
  facilitate locating and managing objects
• Identifies users and resources
• Provides a way to organize and access users and
  resources
• Allows you to perform a number of functions
• Acts as administration tool and end-user tool

7
Structuur

• Objecten (verzameling attributen)
• object class logische groepering van objecten
  (vb. Users, Groups, Computers)
• Organizational units (OUs)
• logische administratieve groepen in een domein
• Domains security boundary
• Trees hiërarchie van domeinen
• Forests verzameling trees (zonder dns hiërarchie)

8
(No Transcript)
9
Installatie Win2000 - Voorbereiding

• Minimum hardware vereisten
• Hardware Compatibility List
• Disk partitionering
• FAT of NTFS
• Licentie-schema per-server of per-seat
• Workgroup of Domain
• Nieuwe installatie of Update
• Backup huidige configuratie

10
Installatie Win2000

• Bootable CDROM
• 4 setup-floppies CDROM
• e
• cd bootdisk
• makeboot a
• Update vanuit WinNT3.51, WinNT4.0 (geen conversie
  van workstation naar server)
• Unattended install

11
Bestandensysteem

• NTFS
• file en directory beveiliging
• disk compressie
• disk quota
• encryptie
• FAT16 - FAT32
• compatibiliteit met andere besturingssystemen

12
Installatieverloop

• Pre-Copy phase
• Text Mode phase
• GUI Mode phase

13
Disk Management storage types
14
Disk management snap-in
15
NTFS 5.0 (skip)

• Reparse points (hierarchical storage management
  monteren van een logisch volume in een lege
  directory)
• Native Structured Storage (NSS)
• Disk quotas
• Sparse file support
• Line tracking and object identifiers
• Change Journal
• CD and DVD support

16
Shared Folder Permissions

• van toepassing op folders, niet op individuele
  bestanden.
• bieden geen bescherming indien de toegang gebeurt
  via de lokale computer, enkel bescherming indien
  toegang via netwerk
• enige bescherming op FAT volumes.
• default folder permission Everyone Full Control.
• allow or deny shared folder permissions to
  individual users or to user groups.
• Assign permissions to groups instead of user
  accounts to simplify access administration.

17
Administrative Shared Folders

• C, D, E, . . .
• Admin C\Winnt (the system root folder)
• Print C\Winnt\System32\Spool\Drivers (voor
  gedeelde printers)

18
NTFS Permissions richtlijnen

• Group resources into application, data, and home
  folders.
• Use NTFS permissions to control access to files
  and folders.
• Assign permissions to groups rather than
  individual user accounts.
• When assigning permissions to home folders,
  centralize home folders on a network volume
  separate from applications and the operating
  system.
• When assigning permissions to working data or
  applications folders, remove the default Full
  Control permission from the Everyone group.
• When assigning permissions to public data
  folders, assign Modify permission and Read
  Execute permission to the Users group and Full
  Control permission to the Creator Owner.
• It is better not to assign permissions than to
  deny permissions.
• Users should assign permissions to files and
  folders they own.

19
Distributed File System (Dfs)
20
Dfs links
21
Active Directory Services

• Domain Modes Mixed of Native
• Organizational Units en hun objecten
• Each Active Directory object is a distinct named
  set of attributes that represents a specific
  network resource.
• Before objects are added to Active Directory
  services, you should create the OUs that will
  contain those objects.

22
Active Directory Objects

• Wijzigen van attributes values Object
  Properties
• Verplaatsen van Objecten
• Opzoeken van Objecten (skip)

23
Win2000 User Accounts

• Domain user accounts
• worden gecreëerd in een OU
• Local user accounts
• niet in de Active Directory
• Built-in user accounts
• Administrator
• Guest

24
User Profile / Home Directory

• C\Documents and Settings\ltuser_logon_namegt
• Roaming profiles vs local user profile
• Mandatory profiles
• Ntuser.dat vs Ntuser.man
• Home directory
• shared folder, NTFS permissions

25
Groepen

• Security en Distribution groepen
• Scope
• Domain local (assign permissions to resources)
• Global (users met dezelfde rechten)
• Universal (enkel in native mode) -
  domeinoverschrijdend
• Nesting (beperk u tot 2 niveaus)
• Builtin Account Operators, Admins, Guests ...

26
Group Policy

• Centraal beheer van de gebruikers-(desktop)omgevin
  g
• Controle over de programmas die beschikbaar zijn
  voor de gebruiker, welke beschikbaar zijn op zijn
  desktop of in het Start menu
• Active Directory - Group Policy Container - Group
  Policy Object
• Group Policy Template (o.a. logon logoff scripts)
• systemroot\SYSVOL\sysvol\microsoft.com\Policies\
  ...

27
Niet in deze oefening...

• Beheer van Printer services
• Netwerkprotocollen en services
• Routing en Remote Access Service (o.a. VPN)
• Security PKI, Cryptografie, Certificaten,
  Kerberos, Auditing
• Reliability / Availability
• Monitoring en optimalisatie
• Application servers, IIS