n+ journal

7/31/2019 N+ Journal

1/140

N+ Journal

Install Microsoft DNS Server

1. Click Start, point to Settings, and then click Control Panel.2. Double-click Add/Remove Programs.

3. Click Add and Remove Windows Components.

4. The Windows Components Wizard starts. Click Next.5. Click Networking Services, and then click Details.6. Click to select the Domain Name System (DNS) check box, and then click

OK.7. Click OK to start server Setup. The DNS server and tool files are copied

to your computer.8. Continue to the next step to configure the DNS server.

Configure the DNS Server Using DNS Manager

These steps guide you through configuring DNS by using the DNS Managersnap-in in Microsoft Management Console (MMC).

1. Click Start, point to Programs, point to Administrative Tools, and then

click DNS Manager. You see two zones under your computer name: ForwardLookup Zone and Reverse Lookup Zone.

2. The DNS Server Configuration Wizard starts. Click Next.3. If the Wizard does not auto-start, right-click your server name object in the DNS Managerconsole and choose Configure your Server.

Page 1


2/140

N+ Journal

4. Choose to add a forward lookup zone. Click Next. The new forwardlookup zone must be a primary zone so that it can accept dynamic updates.

Click Primary, and then click Next.

5. The zone name must be exactly the same as your Active DirectoryDomain name, or, if on a stand-alone or workgroup environment - the same as

the suffix for all of the network computers that are to register with this DNSserver. Type the name of the zone, and then click Next.

Page 2


3/140

N+ Journal

6. Accept the default name for the new zone file. Click Next.

7. Choose to add a reverse lookup zone now. Click Next.

Page 3


4/140

N+ Journal

8. Click Primary, and then click Next.9. Type the name of the zone, and then click Next. The zone name should

match the Network ID of your local subnet. For example, if your subnet range isfrom 192.168.0.1 to 192.168.0.254, type 192.168.0 in the name value.

Page 4


5/140


6/140

N+ Journal

Configure VPN Server

1. Go to Start > Administrative Tools > Routing and Remote Access.

2. Right click on server and select Configure and Enable Routing and RemoteAccess.

Page 6


7/140

N+ Journal

3. This is the wizard for configuration, Click Next.

Page 7


8/140

N+ Journal

4. Select Custom Configuration.

Page 8


9/140

N+ Journal

5. Now, select VPN access.

Page 9


10/140

N+ Journal

6. Click Finish to complete configuration Wizard.

7. It will ask for starting Routing and Remote Access service. Click Yes.

Page 10


11/140

N+ Journal

8. Wait for some time because it is starting the service.

Page 11


12/140

N+ Journal

9. Now, the server has been configured success fully.

You can see the Network Interfaces, Ports etc of your VPN server.

Page 12


13/140

N+ Journal

10. The following window is showing that the one remote access client isconnected with VPN server via VPN dialer. You can send message to that

client, you cam also disconnect that client from here.

Page 13


14/140

N+ Journal

Create VPN Connection at Client Side1. Click Start Control Panel Network Connections Click Create

a new connection from Network task panel from left side.

Page 14


15/140

N+ Journal

2. Click Next to create VPN Connection.

Page 15


16/140

N+ Journal

3. Select Connection to the network at my workplace option and then

click Next.

4. Select Virtual Private Network Connection and then click Next.

Page 16


17/140

N+ Journal

5. Type your company name and then click Next.

Page 17


18/140

N+ Journal

6. Type IP address of VPN Server or name of network

machine on which VPN Server is running.

7. Click Finish to complete the process.

Page 18


19/140

N+ Journal

Page 19


20/140

N+ Journal

Setting up a DHCP Server

This will serve as a step-by-step guide on how to setup a DHCP server.

Installing the DHCP server is made quite easy in Windows 2003. By using the "Manage

your server" wizard, you are able to enter the details you require and have the wizard set

the basics for you. Open to "Manage your server" wizard, select the DHCP server optionfor the list of server roles and press Next.

You will be asked to enter the name and description of your scope.

Scope: A scope is a collection of IP addresses for computers on a subnet that use DHCP.

The next window will ask you to define the range of addresses that the scope will distribute

across the network and the subnet mask for the IP address. Enter the appropriate details andclick next.

Page 20


21/140

N+ Journal

You are shown a window in which you must add any exclusions to the range of IP

addresses you specified in the previous window. If for example, the IP address 10.0.0.150is that of the company router then you won't want the DHCP server to be able to distribute

that address as well. In this example I have excluded a range of IP addresses, 10.0.0.100 to

10.0.0.110, and a single address, 10.0.0.150. In this case, eleven IP's will be reserved and

not distributed amongst the network clients.

Page 21


22/140

N+ Journal

It is now time to set the lease duration for how long a client can use an IP address assigned

to it from this scope. It is recommended to add longer leases for a fixed network (in theoffice for example) and shorter leases for remote connections or laptop computers. In this

example I have set a lease duration of twelve hours since the network clients would be a

fixed desktop computer in a local office and the usual working time is eight hours.

Page 22


23/140

N+ Journal

You are given a choice of whether or not you wish to configure the DHCP options for the

scope now or later. If you choose Yes then the upcoming screenshots will be of use to you.Choosing No will allow you to configure these options at a later stage.

Page 23


24/140

N+ Journal

The router, or gateway, IP address may be entered in next. The client computers will then

know which router to use.

Page 24


25/140

N+ Journal

In the following window, the DNS and domain name settings can be entered. The DNSserver IP address will be distributed by the DHCP server and given to the client.

If you have WINS setup then here is where to enter the IP Address of the WINS server.You can just input the server name into the appropriate box and press "Resolve" to allow it

to find the IP address itself.

Page 25


26/140


27/140

N+ Journal

The DHCP server has now been installed with the basic settings in place. The next stage isto configure it to the needs of your network structure.

Configuring a DHCP server

Hereunder is a simple explanation of how to configure a DHCP server.

The address pool displays a list of IP ranges assigned for distribution and IP addressexclusions. You are able to add an exclusion by right clicking the address pool text on the

left hand side of the mmc window and selecting "new exclusion range". This will bring up

a window (as seen below) which will allow you to enter an address range to be added.

Entering only the start IP will add a single IP address.

DHCP servers permit you to reserve an IP address for a client. This means that the specific

network client will have the same IP for as long as you wanted it to. To do this you will

have to know the physical address (MAC) of each network card. Enter the reservation

name, desired IP address, MAC address and description - choose whether you want tosupport DHCP or BOOTP and press add. The new reservation will be added to the list. As

an example, I have reserved an IP address (10.0.0.115) for a client computer called

Andrew.

Page 27


28/140

N+ Journal

Page 28


29/140

N+ Journal

Installing Active Directory

Here is a quick list of what you must have:

An NTFS partition with enough free space

An Administrator's username and password

The correct operating system version

A NIC

Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway)

A network connection (to a hub or to another computer via a crossover cable)

An operational DNS server (which can be installed on the DC itself)

A Domain name that you want to use

The Windows Server 2003 CD media (or at least the i386 folder)

Brains (recommended, not required...)

Running DCPROMO

After completing all the previous steps (remember you didn't have to do them) and after doublechecking your requirements you should now run Dcpromo.exe from the Run command.

1. Click Start, point to Run and type "dcpromo".

2. The wizard windows will appear. Click Next.

3. In the Operating System Compatibility windows read the requirements for the domain'sclients and if you like what you see - press Next.

Page 29


30/140

N+ Journal

4.

4. Choose Domain Controller for a new domain and click Next.

5. Choose Create a new Domain in a new forest and click Next. \

Page 30


31/140

N+ Journal

6.

6. Enter the full DNS name of the new domain, for example - kuku.co.il - this must be the sameas the DNS zone you've created in step 3, and the same as the computer name suffix you've createdin step 1. Click Next.

This step might take some time because the computer is searching for the DNS server and checking tosee if any naming conflicts exist.

Page 31


32/140

N+ Journal

7. Accept the the down-level NetBIOS domain name, in this case it's KUKU. Click Next

8. Accept the Database and Log file location dialog box (unless you want to change them ofcourse). The location of the files is by default %systemroot%\NTDS, and you should not change it

unless you have performance issues in mind. Click Next.

Page 32


33/140

N+ Journal

9. Accept the Sysvol folder location dialog box (unless you want to change it of course). Thelocation of the files is by default %systemroot%\SYSVOL, and you should not change it unless youhave performance issues in mind. This folder must be on an NTFS v5.0 partition. This folder will hold

all the GPO and scripts you'll create, and will be replicated to all other Domain Controllers. Click Next.

10. If your DNS server, zone and/or computer name suffix were not configured correctly you willget the following warning:

Page 33


34/140

N+ Journal

This means the Dcpromo wizard could not contact the DNS server, or it did contact it but could not finda zone with the name of the future domain. You should check your settings. Go back to steps 1, 2 and3. Click Ok.

You have an option to let Dcpromo do the configuration for you. If you want, Dcpromo can install the

DNS service, create the appropriate zone, configure it to accept dynamic updates, and configure theTCP/IP settings for the DNS server IP address.

To let Dcpromo do the work for you, select "Install and configure the DNS server...".

Click Next.

Otherwise, you can accept the default choice and then quit Dcpromo and check steps 1-3.

11. If your DNS settings were right, you'll get a confirmation window.

Just click Next.

12. Accept the Permissions compatible only with Windows 2000 or Windows Server 2003 settings,unless you have legacy apps running on Pre-W2K servers.

Page 34


35/140

N+ Journal

13. Enter the Restore Mode administrator's password. In Windows Server 2003 this password canbe later changed via NTDSUTIL. Click Next.

14. Review your settings and if you like what you see - Click Next.

Page 35


36/140

N+ Journal

15. See the wizard going through the various stages of installing AD. Whatever you do - NEVERclick Cancel!!! You'll wreck your computer if you do. If you see you made a mistake and want to undoit, you'd better let the wizard finish and then run it again to undo the AD.

Page 36


37/140

N+ Journal

16. If all went well you'll see the final confirmation window. Click Finish.

Page 37


38/140

N+ Journal

17. You must reboot in order for the AD to function properly.

18. Click Restart now.

Page 38


39/140

N+ Journal

Recover Deleted Objects of Active Directory.

To manually undelete objects in a deleted object's container, follow these steps:

1. ClickStart, clickRun, and then type LDP.exe.

Note: If the LDP.exe utility is not installed, install the support tools from the Windows Server 2003

installation CD, or get them from Windows 2003 SP1 Support Tools.

2. Use the Connection menu in LDP to perform the connect operations and the bind operations to a

Windows Server 2003 domain controller. Specify domain administrator credentials during the bind

operation.

Page 39
http://www.petri.co.il/images/restr_itm_ad_1.gif


40/140

N+ Journal

3. ClickOptions > Controls.

4. In the Load Predefined list, clickReturn Deleted Objects. Under Control Type, clickServer, and the

clickOK.

Page 40
http://www.petri.co.il/images/restr_itm_ad_5.gifhttp://www.petri.co.il/images/restr_itm_ad_4.gifhttp://www.petri.co.il/images/restr_itm_ad_3.gif


41/140

N+ Journal

5. ClickView > Tree. Now type the distinguished name path of the deleted objects container in thedomain where the deletion occurred, and then clickOK.

Note: The distinguished name path is also known as the DN path. For example, if the deletion occurred inthe petri.local domain, the DN path would be the following path:

6. In the left pane of the window, double click the Deleted Object Container.

Note: As a search result of LDAP query, only 1000 objects are returned by default. For example, if more

than 1000 objects exist in the Deleted Objects container, not all objects appear in this container. If your

target object does not appear, use NTDSUTIL, and then set the maximum number by using maxpagesize toget the search results.

7. Double-click the object that you want to undelete or to reanimate.

8. Right-click the object that you want to reanimate, and then clickModify.

Page 41


42/140

N+ Journal

9. Next, change the value for the isDeleted attribute and the DN path in a single Lightweight Directory

Access Protocol (LDAP) modify operation.

To configure the Modify dialog, follow these steps:

a. In the Edit Entry Attribute box, type isDeleted. Leave the Value box blank.

b. Click the DELETE option button, and then clickEnter to make the first of two entries in the Entry List

dialog.

Important: Do not click Run at this phase!!!

c. In the Attribute box, type distinguishedName. In the Values box, type the new DN path of thereanimated object. For example, to reanimate the TestUser user account to the Sales OU, use the following

DN path:

Note: If you want to reanimate a deleted object to its original container, append the value of the deleted

object's lastKnownParent attribute to its CN value, and then paste the full DN path in the Values box.

Page 42


43/140

N+ Journal

d. In the Operation box, clickREPLACE. ClickENTER.

e. Click to select the Synchronous check box, and the Extended check box.

f. ClickRUN. Note the results pane on the right side showing you that the operation was successful.

Page 43
http://www.petri.co.il/images/restr_itm_ad_11.gifhttp://www.petri.co.il/images/restr_itm_ad_10.gif


44/140

N+ Journal

10. After you reanimate the objects, clickOptions > Controls and click the Check Out button to remove(1.2.840.113556.1.4.417) from the Active Controls box list.

11. Open Active Directory Users and Computers, and reset the user account passwords, profiles, homedirectories and group memberships for the deleted users. You need to do this because when the object was

deleted, all the attribute values except SID, ObjectGUID, LastKnownParent and SAMAccountName were

stripped.

12. Enable the reanimated account in Active Directory Users and Computers.

Note: The restored object has the same primary SID as it had before the deletion, but the object must be

added again to the same security groups to have the same level of access to resources. The RTM release of

Windows Server 2003 does not preserve the sIDHistory attribute on reanimated user accounts, computer

accounts, and security groups, however, Windows Server 2003 with Service Pack 1 does preserve the

sIDHistory attribute on deleted objects.

Page 44


45/140

N+ Journal

13. If you do not reset the reanimated user account's password you will get an error saying:

Windows cannot enable object TestUser because:

Page 45


46/140

N+ Journal

To install SNMP on Windows XP or 2000follow the steps given below:

1. You must be logged on as an administrator or a member of theAdministrators group to complete this procedure. If your computer is

connected to a network, network policy settings may also prevent you fromcompleting this procedure.

2. Click Start, point to Settings, click Control Panel, double-click Add orRemove Programs, and then click Add/Remove Windows Components.

3. In Components, click Management and Monitoring Tools (but do notselect or clear its check box), and then click Details.

4. Select the Simple Network Management Protocol check box, and click OK.

5. Click Next.

6. Insert the respective CD or specify the complete path of the location at whichthe files stored.

7. SNMP starts automatically after installation.

Configuring SNMP Agent

To configure SNMP agent in Windows XP and 2000 systems, follow the steps given

below:

Step 1 - Click Start, point to Settings, and then click Control Panel. Double-

click Administrative Tools and then double-click Computer Management.

Step 2 - In the console tree, click Servicesand Applications and then click

Services.

Step 3 - In the details pane, scroll down and click SNMP Service.

Step 4 - On the Action menu, click Properties.

Step 5 - On the Security tab, select Send authentication trap if you want a

trap message to be sent whenever authentication fails.

Step 6 - Under Accepted community names, click Add.

Step 7 - Under Community Rights, select a permission level for this host toprocess SNMP requests from the selected community.

Step 8 - In Community Name, type a case-sensitive community name, and

then click Add.

Step 9 - Specify whether or not to accept SNMP packets from a host:

Page 46


47/140

N+ Journal

o To accept SNMP requests from any host on the network, regardlessof identity, clickAccept SNMP packets from any host.

o To limit acceptance of SNMP packets, clickAccept SNMP packetsfrom these hosts, clickAdd, type the appropriate host name, IP or

IPX address, and then clickAdd again.

Step 10 - ClickApply to apply the changes.

Configuring Traps

Step 1 - Click Start, point to Settings, and then clickControl Panel. Double-clickAdministrative Tools, and then double-clickComputer Management.

Step 2 - In the console tree, clickServicesand Applications and then click

Services.

Step 3 - In the details pane, clickSNMP Service.

Step 4 - On the Action menu, clickProperties.

Step 5 - On the Traps tab, underCommunity name, type the case-sensitive

community name to which this computer will send trap messages, and then

clickAdd to list.

Step 6 - In Trap destinations, clickAdd.

Step 7 - In Host name, IP or IPX address, type information for the host, and

clickAdd.

Step 8 - Repeat steps 5 through 7 until you have added all the communities

and trap destinations you want.

Step 9 - ClickOKto apply the changes.

Page 47


48/140

N+ Journal

Configure Web Printer1. First Install Web Printing Service.

1. Click Start Control Panel Add/Remove Programs

Add/Remove Windows Components.

2. Select the Application Server Option and click

Details

3. Select the Internet Information Services (IIS) option

and click Details

Page 48


49/140

N+ Journal

4. Select Internet Printing option and click OK.

5. After the complete the process then click the Next.

Page 49


50/140

N+ Journal

6. Click Finish to complete.

2. Second Install Printer At Local Machine ( Print Server or

Any Local Machine On Which Web Printing Service

Running )

Page 50


51/140

N+ Journal

1. Click start Control Panel Printer and Faxes

2. Click Add a Printer from Printer task.

3. Click Next to install printer

4. Select the port or create a new port and then click

Next.

Page 51


52/140

N+ Journal

5. Select the printer manufacture and select printer

model and then click Next to install printer driver.

6. Type the name of printer and then click Next.

Page 52


53/140

N+ Journal

7. Type the share name of printer and then click Next.

Page 53


54/140

N+ Journal

8. Give the location of printer and description and then

click Next.

9. If you want to print a test page then select Yes

otherwise No and then click Next.

Page 54


55/140

N+ Journal


Page 55


56/140

N+ Journal

3. Install the Printer at client end.

1. Click start Control Panel Printers and Faxes

2. Click Add a printer from Printer task panel.

3. Click Next to install printer.

Page 56


57/140

N+ Journal

4. Select a network printer and click Next.

5. Select the third option and give the URL of printer on

the internet and then click Next.

Page 57


58/140

N+ Journal

6. Give the appropriate security and then click Next.


Page 58


59/140


60/140

N+ Journal

Configure TFTP.

The TFTP Server runs in a background mode, it does not have any user interface. There are

number of ways to monitor and configure your server:

TFTP Server Configuration Manager

Service Manager

Log Files

Windows NT/2000 EventLog

TFTP Server Configuration Manager

TFTP Server Configuration Manager is a special utility intended for TFTP Server configuration.

You can run the TFTP Server Configuration Manager from the WinAgents TFTP Server group in

Start menu. The main window of the application contains four property sheets allowing you to

manage different aspects of the service configuration.

Figure 1. TFTP Software Configuration (page 1).

The first page allows to configure basic parameters of the TFTP software. You can specify TFTP

root directory, port which the TFTP Server will listen, timeout and number of retries here. On the

first page you can specify if the server will overwrite existing files during write requests. In

addition you can increase base priority of the server process usgin the 'High priority level'

Page 60


61/140

N+ Journal

checkbox. It will make the server more efficient under heavy load. Finaly, you can specify TFTP

options supported by the server. Currently, the following options are available:

timeout - allows the server to accept tftp timeout setting from tftpclients.

blocksize - allows the server to accept size of transfer blocks settingfrom tftp clients. TFTP protocol uses 512-byte blocks to transfer databy default. However, tftp clients can request to use large blocks inorder to increase performance.

tsize - if this option supported, tftp clients can request size of fielbefore the transfer will start.

Figure 2. TFTP Server Configuration (page 2).

The second page allows you to configure access rights based on the clients IP addresses. There

are two sorts of access rights available: default rights and per-client rights. The server applies

default rights until the client has per-client rights.

The following rights are available:

No access - client does not have access to TFTP server

Read - client can only read files from TFTP server

Write - client can only write files to TFTP server.

Read/Write - client have both Read and Write access to TFTP server

We recommend to specify No Access by default and grant neccessary access rights only to

restricted set of TFTP clients.

Page 61


62/140

N+ Journal

Also, you can add exceptions to the default rule. After you click 'Add' button at the bottom of the

exceptions list, you will get the rule editing dialog. It allows you to configure custom access right

for specified network or single IP address. The Figure 3 illustrates the rule editing dialog.

Figure 3. Editing IP-based access rule.

The fourth page allows network administrators to specify UDP port range used by TFTP Server

to transfer data. TFTP protocol uses fortuitous UDP ports for client sessions. It makes hard to

specify firewall rules permitting traffic to TFTP Server. This page helps to restrict port range and

makes possible to describe incoming TFTP traffic on firewall.


Page 62


63/140

N+ Journal

The fifth page allows you to define logging options. You can turn logging on by clicking 'Write

Log' checkbox on the first page. In case you want to log server messages, you should specify

directory where the logfiles would be stored. Also, you can specify the number of logfiles in the

directory, logging level and timestamp type. The service rotates logfiles if the number of logfiles

you specified are exceeded.


Service Manager

Service Manager allows you to manage the state of your TFTP Server. Please see special page for

more information related to Service Manager.

Log Files

During the operation time, the TFTP Server writes information messages into the logfiles. You

can view these logfiles using any text viewer. The logfiles contain timestamped text messages.

The server uses UNC timestamps, so you should apply timezone offset in order to get local time

related to appropriate message.

For example, the text log can contain the following strings:

2002/10/15 12:03:41 UTC [1896/1776]: Listener stopped.

2002/10/15 12:04:44 UTC [2248/1896]: Starting TFTP listener...

2002/10/15 12:04:44 UTC [2248/1896]: Listening for requests...

2002/10/15 12:18:27 UTC [2248/1896]: Processing TFTP request...

2002/10/15 12:18:27 UTC [2248/1896]: Request from

192.168.1.2:53549

Page 63
http://www.tftp-server.com/tftp_server_service_manager.htmlhttp://www.tftp-server.com/tftp_server_service_manager.html


64/140

N+ Journal

2002/10/15 12:18:27 UTC [2248/1204]: Write request for border-

config;

mode=octet

2002/10/15 12:18:27 UTC [2248/1204]: Write request for border-

config

completed successfully. 2759

bytes received from theclient.

Each string corresponds to the following format:

yyyy/mm/dd hh:mm:ss timezone [ProcessID/ThreadID]: message

You can quickly access to TFTP Server log files through the 'Log Files' shortcut located in

'Start->Programs>WinAgents TFTP Service' group.

Windows NT/2000 EventLog

The TFTP Server uses Windows NT/2000 EventLog to write most critical messages. You can

view EventLog using EventLog Viewer utility. TFTP Server messages have source named

'TFTPd'. Please refer to EventLog if you do not have any messages in TFTP Server logfiles - it

will help you to solve the problem.

Page 64


65/140

N+ Journal

Install And Configure FTP Server

IIS is not installed by default during a standard installation of Windows Server 2003, and if

you installed IIS using Manage Your Server as described in the previous article this installsthe WWW service but not the FTP service. So before we can create FTP sites we first haveto install the FTP service on our IIS machine. To do this, we need to add an additional

component to the Application Server role we assigned our machine when we used Manage

Your Server to install IIS.

Begin by opening Add or Remove Programs in Control Panel and selecting Add/RemoveWindows Components. Then select the checkbox for Application Server:

Click Details and select the checkbox for Internet Information Services (IIS):

Page 65


66/140

N+ Journal

Click Details and select the checkbox for File Transfer Protocol (FTP) Services.

Click OK twice and then Next to install the FTP service. During installation you''ll need to

insert your Windows Server 2003 product CD or browse to a network distribution point

where the Windows Server 2003 setup files are located. Click Finish when the wizard isdone.

Page 66


67/140

N+ Journal

Creating an FTP Site

As with web sites, the simplest approach to identifying each FTP site on your machine is to

assign each of them a separate IP address, so let''s say that our server has three IP addresses

(172.16.11.210, 172.16.11.211 and 172.16.11.212) assigned to it. Our first task will be tocreate a new FTP site for the Human Resources department, but before we do that let''s first

examine the Default FTP Site that was created when we installed the FTP service on our

machine. Open IIS Manager in Administrative Tools, select FTP Sites in the console tree,and right-click on Default FTP Site and select Properties:

Just like the Default Web Site, the IP address for the Default FTP Site is set to All

Unassigned. This means any IP address not specifically assigned to another FTP site on the

machine opens the Default FTP Site instead, so right now opening either

ftp://172.16.11.210, ftp://172.16.11.211 or ftp://172.16.11.212 in Internet Explorer willdisplay the contents of the Default FTP Site.

Let''s assign the IP address 172.16.11.210 for the Human Resources FTP site and make

D:\HR the folder where its content is located. To create the new FTP site, right-click on theFTP Sites node and select New --> FTP Site. This starts the FTP Site Creation Wizard.

Click Next and type a description for the site:

Page 67


68/140

N+ Journal

Click Next and specify 172.16.11.210 as the IP address for the new site:

Click Next and select Do not isolate users, since this will be a site that anyone (including

guest users) will be free to access:

Page 68


69/140

N+ Journal

Click Next and specify C:\HR as the location of the root directory for the site:

Click Next and leave the access permissions set at Read only as this site will only be used

for downloading forms for present and prospective employees:

Page 69


70/140

N+ Journal

Click Next and then Finish to complete the wizard. The new Human Resources FTP site

can now be seen in IIS Manager under the FTP Sites node:

To view the contents of this site, go to a Windows XP desktop on the same network and

open the URL ftp://172.16.11.210 using Internet Explorer:

Page 70


71/140

N+ Journal

Note in the status bar at the bottom of the IE window that you are connected as an

anonymous user. To view all users currently connected to the Human Resources FTP site,

right-click on the site in Internet Service Manager and select Properties, then on the FTPSite tab click the Current Sessions button to open the FTP User Sessions dialog:

Page 71


72/140

N+ Journal

Setting up Windows 2003 as a Terminal Server

Open the configure your server wizard from Administrative Tools and in the select a role

section, choose Terminal Server and click Next twice to confirm your actions. The wizard

will then start to install the required files and warn you that the machine will have to be

restarted during the installation process. Close any open programs and click OK.

The installation will continue for a few minutes before the machine is restarted. After the

machine has booted and you logon, you are presented with a confirmation screen that states

the computer is now a terminal server.

Page 72


73/140

N+ Journal

It is important to take note that a 120-day evaluation period has been allocated forunlicensed clients. If you do not obtain a license within that period then terminal services

clients will no longer be able to initiate a session.

Licensing

This is probably where the most changes have been made. Microsoft have introduced a peruser license to add to the already familiar per device method.

To make your machine a terminal server license server you will have to install it separately.

This can be done from the windows components wizard section in the add/remove windowfrom the control panel.

Page 73


74/140

N+ Journal

Once you have installed this option your server will be listed in the terminal serverlicensing console.

You will have to activate the server before it can start distributing licenses. Activation of

the licensing server can be done via a direct connection to the internet, a web browser orover the telephone. The following is a screenshot of the terminal server licensing console

demonstrating what you would have to do to start the activation process.

Page 74


75/140

N+ Journal

This will bring up a wizard asking you to enter details and select options to suite yourneeds.

Follow the on screen instructions and press Finish when you are done.

Terminal Services Manager

When you select the server name you can choose to view and manage the Users, Sessionsor Processes tab. The green icons indicate that the server is online. If you had to disconnect

it, the icons would be gray.

The Users tab allows you to see who is connected, how long they have been connected and

the state of their connection. If you select a user and right click you can disconnect or resetthe users session, send a message (which will be displayed as a pop-up message box on

the client side), view the status or log the person out of the terminal server session.

The Sessions tab permits the viewing and control of the terminal server sessions. You can

right click a session and select the status to see the incoming and outgoing data or reset toreset the session.

The processes tab shows all the processes that are running and which user they belong to

(this is a simplified version of the processes tab found on the windows task manager).

Select a user, click the right mouse button and choose end process to kill the process.

The image below shows the Terminal Services Manager with an active connection initiatedby a user (andrew).

If you select the RDP-Tcp#12 (username) option you can view the processes and session

information specific to that user. Note: The #12 number will be different for each session.

Favorite servers will list all the servers that you have added as a favourite - you can do

this by right clicking a server and selecting add to favorites.

Page 75


76/140

N+ Journal

You are able to connect to multiple terminal servers by press Actions > Connect tocomputer. These will be listed in the All Listed Servers node.

Terminal Services Configuration

The screenshot below is that of the Terminal Services Configuration.

Any connections that have been setup will be displayed in the connections part of the

console. Double click a connection to open the properties page.

Page 76


77/140

N+ Journal

The following table will describe what actions you may take on each tab.

TabDescription

General add a comment, change the encryption level, enable standard windows

authentication

Logon Settings select whether or not to always use the same credentials for logging on,enable always prompt for password

Sessions select whether to override the users settings with a set of predefined settings

Environment choose to override settings of a user profile and run a program when the userlogs on

Remote Control change the way the remote control facility is used, disable remote control

Client Settings change connection, colour and mappings settings

Page 77


78/140

N+ Journal

Network Adapter specify the type of network adapter you want to use and change theconnection limit

Permissions specify the user permissions (who has access to the terminal server and who

doesnt)

The server settings section enables you to modify the settings of the server. Double click asetting from the list to bring up the appropriate window and be given the option to make a

change.

Each setting shown in the above window is self explanatory. The settings in the list each

have an attribute which you can set according to your preferences.

Web Client

The terminal services web client will allow you to logon to a terminal server from yourweb browser. This is very handy as it provides quick and easy access from anywhere.

Open your web browser and in the address bar type the following details:

http://server_name/tsweb

Page 78


79/140

N+ Journal

where server_name is the name of the terminal server (this can also be the IP address). Ifthe WWW service and the tsweb website has been started on the server then you will be

directed to a page like the one seen below:

Enter the name of the server you want to connect to and choose the size of the screen

before clicking connect. If you do not already have the required ActiveX componentinstalled then you will be prompted to install it click Yes when the window pops up and

asks you to confirm the setup. In my example I have chosen for the screen to use a

800x600 display size. The web browser will act as a place holder for the terminal servicesscreen to be displayed, as shown in the following screenshot.

Page 79


80/140

N+ Journal

Page 80


81/140

N+ Journal

Block ICMP PING

1. Go to Start>Run.

2. Type gpedit.msc (i.e. Group Policy).It will open the Group Policy Winow.

3. Go to Computer Configuration > Windows Settings > Security Settings > IPSecurity Polices on Local Computer

4. Right Click in the right window and click on Create IP Security Policy.

This will open a wizard for Creating a new Policy.

5. Give the name of the new ip security policy.

Page 81


82/140

N+ Journal

6. Click on Activate default response rule.

Page 82


83/140

N+ Journal

7. Define the response rule authentication Method.

Page 83


84/140

N+ Journal

8. This will open the window that allow you to add properties of that policy.

Page 84


85/140

N+ Journal

9. Click on Add to define new IP security rule.

NOTE:-Remove the use Ad Wizard check mark.

Page 85


86/140

N+ Journal

10. Click on Add button to add new IP Filter List.

Page 86


87/140

N+ Journal

11. Give the name and click Add button.

Page 87


88/140

N+ Journal

12. Provide the filtering for that filter action.

For example if you want to block the any outside machine to ping your machinegive the following settings

Page 88


89/140

N+ Journal

13. Because you are blocking the ICMP you have to select the ICMP from the list.

Page 89


90/140

N+ Journal

14. Set that list as default by clicking on it.

Page 90


91/140

N+ Journal

15. Click on filter action to define a filter action and then click on Add Button.

Page 91


92/140

N+ Journal

16. Because you want to block the ping you have to select the block.

Page 92


93/140

N+ Journal

17. Set it as default by clicking on it. Press apply and ok button for all open windows.

Page 93


94/140

N+ Journal

18. To apply this policy, right click on the policy and click on Assign.

Page 94


95/140

N+ Journal

You have block the ICMP ping using this policy. If any machine try to ping your IPaddress it will get the following window.

Page 95


96/140

N+ Journal

Prevent Any Windows Application

1. Go to Start > Run and type gpedit.msc

2. Go to User Configuration > Administrative Templates >System and DoubleClick on Dont Run Specified Windows Application

Page 96


97/140

N+ Journal

3. If it is Disabled or Not Configured, enable it and click on Show Button.

Page 97


98/140

N+ Journal

4. Click on Add button to add program path that you want to block.For example if you want to block command prompt type cmd.exe.

5. Press ok button and update the Group Policy.

To update Group Policy go to run and type gpupdate /force

6. Try to open the Command Prompt you will get the following Message.

Page 98


99/140

N+ Journal

Red hat Installation

There are two way to install the Red hat Linux Operating System.

1. Graphical Mode.2. Text Mode.

1. Graphical Mode Installation of Red hat Linux.

1. Press the Enter Key to install the red hat graphically.

Page 99


100/140

N+ Journal

2. Select Skip and press Enter to Skip the CD testing.

3. Click Next to installation process.

Page 100


101/140


102/140

N+ Journal

6. Select Skip entering Installation Number and then Click OK.

7. Click the Skip the Installation Number process.

Page 102


103/140

N+ Journal

8. Read the instruction and give the appropriate answer for warning message box.

9. If you want to create portions manually then select Create custom layout and then

Click Next.

Page 103


104/140

N+ Journal

10. Select the Free Area of Drive and click New to create partitionAs your requirement. If you want to edit the particular partition then select the

Partition that you want edit then click Edit button. If you want to delete particular

Partition then select the partition that you want delete and then click the DeleteButton. Click Next.

11. If you want to set boot loader password then check mark the Use a boot loader

Password and then give the password. And configure the advance boot loader

Options as your requirements. Click Next.

Page 104


105/140

N+ Journal

12. Select the region and then click Next.

13. Give the Root Password and then Click Next.

Page 105


106/140

N+ Journal

14. If you want to customize installation then select Customize now option and thenclick Next other wise click Next

15. Click Next.

Page 106


107/140

N+ Journal

16. After all package is installed, click Next.

17. Click Reboot to restart the computer or system.

Page 107


108/140

N+ Journal

18. Click Forward to configure the installed Red hat operating system.

19. Select the Yes, I agree to the License Agreement and click Forward.

Page 108


109/140

N+ Journal

20. Configure the Firewall as your requirements.

21. Set SELinux Setting as Permissive and click Forward.

Page 109


110/140

N+ Journal

22. If you want to set Kdump memory then check mark Enable kdump and then clickForward.

23. Set the date and time and then click Forward.

Page 110


111/140

N+ Journal

24. Set up software updates and then click Forward.

25. Create the user and then click Forward.

Page 111


112/140

N+ Journal

26. Test the sound card and then click Forward.

27. If you want to install additional packages from CD then click install button other

Wise click Finish.

Page 112


113/140

N+ Journal

2. Text Mode Installation of Red hat Linux.

1. Type the linux text and then enter

2. Click Skip to skip the CD testing process.

Page 113


114/140

N+ Journal

3. Click OK to setup Red hat Linux.

4. Select Language would you like to use during the installation and press OK.

Page 114


115/140

N+ Journal

5. Select the model of keyboard attached to this computer and click OK.

6. Select Skip entering Installation Number and click OK.

Page 115


116/140

N+ Journal

7. Select Skip and press enter.

8. Click Yes to initialize the drive and erase all data on drive.

Page 116


117/140

N+ Journal

9. Select Create custom layout and click OK.

10. Select Free space and create the partitions as your requirements you also delete and

Edit the partitions. After create all partitions select OK and press enter.

Page 117


118/140

N+ Journal

11. Click Yes to continue.

12. Select Use GRUB Boot Loader if you want to use it otherwise select No Boot Loader

And then click OK.

Page 118


119/140

N+ Journal

13. Configure the Boot Loader and then click OK.

14. If you want to set password on boot loader then select Use a GRUB Password, give

The password and then click OK otherwise click OK.

Page 119


120/140


121/140

N+ Journal

17. Select the time zone and click OK.

18. Give the root password and then click OK.

Page 121


122/140

N+ Journal

19. If you want to install only specific package then select Customize software selectionand then click OK.

20. Click OK.

Page 122


123/140

N+ Journal

21. All your selected software will be installed.

22. Click Reboot to restart the machine or system.

Page 123


124/140

N+ Journal

23. Select the listed item and click Run Tool to configure the item otherwise click Exit.

Page 124


125/140

N+ Journal

Install and Configure the IIS (Internet

Information Services)

1. Install the Internet Information Services.

1. Select Start Settings Control Panel.

2. Double click Add or Remove Programs.

Page 125


126/140

N+ Journal

3. Click Add/Remove Windows Components.

4. Select Application Server components.

5. Click Next.

Page 126


127/140

N+ Journal

6. During configuration, IIS setup prompts for windows server 2003,

Enterprise Edition CD-ROM. The Insert Disk message box appears.

7. Insert the windows server 2003 Enterprise Edition CD.

8. Click OK.

9. Click Finish.

Page 127


128/140

N+ Journal

2. Configure Internet Information Services.

1. Select Start Programs Administrative Tools Internet

Information Services (IIS) Manager.

2. Expand ANGELSOF-E05P9P(local computer).

Page 128


129/140

N+ Journal

3. Expand Web Services Extensions to display the status of the Web

Service Extensions Supported by IIS.

4. Select Active Server Pages from the Web Service Extension list.

5. Click Allow.

Page 129


130/140

N+ Journal

3. Configure IIS to enable Internet Data Connector.




2. Expand Web Services Extensions to display the status of the Web

Service Extensions Supported by IIS.

4. Select Internet Data Connector from the Web Service Extension list.

5. Click Allow.

4. Administrating the IIS (To Access a Remote Server

Running IIS)

Page 130


131/140

N+ Journal




3. Select Connect.

4. Enter the remote server name in the Computer Name text box.

5. Select the Connect As. Check box.

6. Enter the Appropriate user name and password to connect as an

administrator.

7. Click OK. A IIS Manger console screen appears.

Page 131


132/140

N+ Journal

5. Create a Web Site

1. Create a folder, Windows_2003 under the D: drive.

2. Open the notepad.

3. Enter the text Welcome to the IIHT Institute.

4. Save the file as iiht.htm under the D:\Windows_2003.




7. Expand Web Sites.

Page 132


133/140

N+ Journal

8. Right click Default Web Site.

9. Select Stop.

10. Select Web Sites.

11. Select Action NewWeb Site.

Page 133


134/140

N+ Journal

12. Click Next.

13. Enter Windows_2003 in the Description text box.

14. Click Next. The IP Address and Port Settings screen appears.

Page 134


135/140

N+ Journal

15. Click Next. The Web Site Home Directory screen appears.

16. Enter the D:\WINDOWS_2003 in the Path text box.

17. Click Next. Web Site Permissions screen appears.

Page 135


136/140

N+ Journal

18. Select Read, Run scripts and Browse check boxes.

19. Click Next.

20. Click Finish.

6. Securing IIS By Assigning Basic Authentication.

Page 136


137/140

N+ Journal


Information

Services (IIS) Manager.

2. Right click Windows_2003.

3. Select Properties.

4. Click the Directory Security tab.

Page 137


138/140

N+ Journal

5. Click Edit from the Authentication and access control group box.

6. Clear the Enable anonymous access check box to prevent any

unauthorized user from accessing Windows_2003 Web Site.

Page 138


139/140

N+ Journal

7. Clear Integrated Windows authentication check box.

8. Select the Basic authentication (password is sent in clear text) check

box to implement the authentication method.

9. Click Yes to return to Authentication Methods screen.

10. Click OK to return to Directory Security dialog box.

11. Click Apply.

12. Click OK.

13. Close the Internet Information Services (IIS) Manager console.

14. After Securing Web Site, you need to verify whether authentication is

applied.

15. Open the Internet Explorer window.

16. Enter the http://Windows_2003/iiht.htm. The Enter Network Password

dialog box appears.

Page 139


140/140

N+ Journal

17. Enter the user name in the User Name text box.

18. Enter the password in the Password text box.

19. Click OK. The Web Site window appears.

n+ journal

Documents