1

NETWORK CONFIGURATION
AIM:

Run the following commands and write the use of each command

Ipconfig

C:\Documents and Settings\Administrator>ipconfig

Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 10.227.1.81
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . : 10.227.1.1

ping

C:\Documents and Settings\Administrator>ping

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] destination-list

Options:
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Br
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.

telnet

Microsoft (R) Windows 2000 (TM) Version 5.00 (Build 2195)

Welcome to Microsoft Telnet Client
Telnet Client Build 5.00.99206.1

Escape Character is 'CTRL+]'

Microsoft Telnet>

diskperf

C:\Documents and Settings\Administrator>diskperf

 2

Physical Disk Performance counters on this system are currently set to start
at
boot.

netdiag

C:\Documents and Settings\Administrator>netdiag

'netdiag' is not recognized as an internal or external command,
operable program or batch file.

netstat

C:\Documents and Settings\Administrator>netstat

Active Connections

Proto Local Address Foreign Address State

TCP Amb:1208 72.20.27.115:8080 SYN_SENT
TCP Amb:2380 105.173.200.246:microsoft-ds SYN_SENT
TCP Amb:2381 17.43.237.130:microsoft-ds SYN_SENT
TCP Amb:2382 185.57.26.6:microsoft-ds SYN_SENT
TCP Amb:2383 11.230.24.215:microsoft-ds SYN_SENT
TCP Amb:2384 122.126.219.134:microsoft-ds SYN_SENT
TCP Amb:2387 143.135.200.171:microsoft-ds SYN_SENT
TCP Amb:2388 8.229.211.254:microsoft-ds SYN_SENT
TCP Amb:2389 12.188.152.119:microsoft-ds SYN_SENT
TCP Amb:2390 53.74.31.59:microsoft-ds SYN_SENT
TCP Amb:2391 63.78.51.82:microsoft-ds SYN_SENT
TCP Amb:2393 185.166.131.126:microsoft-ds SYN_SENT
TCP Amb:2394 50.60.189.211:microsoft-ds SYN_SENT
TCP Amb:2395 122.123.9.47:microsoft-ds SYN_SENT
TCP Amb:2396 131.186.166.19:microsoft-ds SYN_SENT
TCP Amb:2397 53.74.31.59:microsoft-ds SYN_SENT

pathping

C:\Documents and Settings\Administrator>pathping

Usage: pathping [-n] [-h maximum_hops] [-g host-list] [-p period]

[-q num_queries] [-w timeout] [-t] [-R] [-r] target_name
Options:
-n Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-g host-list Loose source route along host-list.
-p period Wait period milliseconds between pings.
-q num_queries Number of queries per hop.
-w timeout Wait timeout milliseconds for each reply.
-T Test connectivity to each hop with Layer-2 priority tags.
-R Test if each hop is RSVP aware.

ftp

C:\Documents and Settings\Administrator>ftp

ftp>

tftp
 3

C:\Documents and Settings\Administrator>tftp

Transfers files to and from a remote computer running the TFTP service.

TFTP [-i] host [GET | PUT] source [destination]

-i Specifies binary image transfer mode (also called

octet). In binary image mode the file is moved
literally, byte by byte. Use this mode when
transferring binary files.
host Specifies the local or remote host.
GET Transfers the file destination on the remote host to
the file source on the local host.
PUT Transfers the file source on the local host to
the file destination on the remote host.
source Specifies the file to transfer.
destination Specifies where to transfer the file.

sfc

C:\Documents and Settings\Administrator>sfc

Microsoft(R) Windows 2000 Windows File Checker Version 5.00

(C) 1999 Microsoft Corp. All rights reserved

Scans all protected system files and replaces incorrect versions with correct
Microsoft versions.

SFC [/SCANNOW] [/SCANONCE] [/SCANBOOT] [/CANCEL] [/ENABLE] [/PURGECACHE]

[/CACHE
SIZE=x] [/QUIET]

/SCANNOW Scans all protected system files immediately.

/SCANONCE Scans all protected system files once at the next boot.
/SCANBOOT Scans all protected system files at every boot.
/CANCEL Cancels all pending scans of protected system files.
/QUIET Replaces all incorrect file versions without prompting the user.

/ENABLE Enables Windows File Protection for normal operation

/PURGECACHE Purges the file cache and scans all protected system files
immediately.
/CACHESIZE=x Sets the file cache size

nbtstat

C:\Documents and Settings\Administrator>nbtstat

Displays protocol statistics and current TCP/IP connections using NBT

(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]

[-r] [-R] [-RR] [-s] [-S] [interval] ]

-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its
 4

IP address.
-c (cache) Lists NBT's cache of remote [machine] names and their
IP addresses
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP
addresses
-s (sessions) Lists sessions table converting destination IP
addresses to computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINs and then, starts
Refresh
RemoteName Remote host machine name.
IP address Dotted decimal representation of the IP address.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press Ctrl+C to stop redisplaying
statistics.

rcp

C:\Documents and Settings\Administrator>rcp

Copies files to and from computer running the RCP service.

RCP [-a | -b] [-h] [-r] [host][.user:]source [host][.user:] path\destination

-a Specifies ASCII transfer mode. This mode converts

the EOL characters to a carriage return for UNIX
and a carriage
return/line feed for personal computers. This is
the default transfer mode.
-b Specifies binary image transfer mode.
-h Transfers hidden files.
-r Copies the contents of all subdirectories;
destination must be a directory.
host Specifies the local or remote host. If host is
specified as an IP address OR if host name contains
dots, you must specify the user.
.user: Specifies a user name to use, rather than the
current user name.
source Specifes the files to copy.
path\destination Specifies the path relative to the logon directory
on the remote host. Use the escape characters
(\ , ", or ') in remote paths to use wildcard
characters on the remote host.

lpr

C:\Documents and Settings\Administrator>lpr

Sends a print job to a network printer

Usage: lpr -S server -P printer [-C class] [-J job] [-o option] [-x] [-d]
filename

Options:
-S server Name or ipaddress of the host providing lpd service
 5

-P printer Name of the print queue

-C class Job classification for use on the burst page
-J job Job name to print on the burst page
-o option Indicates type of the file (by default assumes a text file)
Use "-o l" for binary (e.g. postscript) files
-x Compatibility with SunOS 4.1.x and prior
-d Send data file first

tracert

C:\Documents and Settings\Administrator>tracert

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options:
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.

verifier

nslookup

C:\Documents and Settings\Administrator>nslookup

*** Default servers are not available
Default Server: UnKnown
Address: 127.0.0.1

route

C:\Documents and Settings\Administrator>route

Manipulates network routing tables.

ROUTE [-f] [-p] [command [destination]

[MASK netmask] [gateway] [METRIC metric] [IF interface]
 6

-f Clears the routing tables of all gateway entries. If this is

used in conjunction with one of the commands, the tables are
cleared prior to running the command.
-p When used with the ADD command, makes a route persistent
across
boots of the system. By default, routes are not preserved
when the system is restarted. Ignored for all other commands,
which always affect the appropriate persistent routes. This
option is not supported in Windows 95.
command One of these:
PRINT Prints a route
ADD Adds a route
DELETE Deletes a route
CHANGE Modifies an existing route
destination Specifies the host.
MASK Specifies that the next parameter is the 'netmask' value.
netmask Specifies a subnet mask value for this route entry.
If not specified, it defaults to 255.255.255.255.
gateway Specifies gateway.
interface the interface number for the specified route.
METRIC specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database
file NETWORKS. The symbolic names for gateway are looked up in the host name
database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard,

(wildcard is specified as a star '*'), or the gateway argument may be
omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only

matching destination routes are printed. The '*' matches any string,
and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.
Diagnostic Notes:

Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1

The route addition failed: The specified mask parameter is invalid.

(Destination & Mask ) != Destination.

Examples:

> route PRINT

> route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2
destination^ ^mask ^gateway metric^ ^
Interface^
If IF is not given, it tries to find the best interface for a given
gateway.
> route PRINT
> route PRINT 157* .... Only prints those matching 157*
> route DELETE 157.0.0.0
> route PRINT

lpq
 7

C:\Documents and Settings\Administrator>lpq

Displays the state of a remote lpd queue.

Usage: lpq -Sserver -Pprinter [-l]

Options:
-S server Name or ipaddress of the host providing lpd service
-P printer Name of the print queue
-l verbose output

C:\Documents and Settings\Administrator>

net session

C:\Documents and Settings\Administrator>net session

There are no entries in the list.

drivers

C:\Documents and Settings\Administrator>drivers

'drivers' is not recognized as an internal or external command,
operable program or batch file.

nettime

C:\Documents and Settings\Administrator>nettime

'nettime' is not recognized as an internal or external command,
operable program or batch file.

rsh

C:\Documents and Settings\Administrator>rsh

Runs commands on remote hosts running the RSH service.

RSH host [-l username] [-n] command

host Specifies the remote host on which to run command.

-l username Specifies the user name to use on the remote host. If
omitted, the logged on user name is used.
-n Redirects the input of RSH to NULL.
command Specifies the command to run.

chkdsk

C:\Documents and Settings\Administrator>chkdsk

The type of the file system is FAT32.
Volume HCL created 22/08/2002 5:53 PM
Volume Serial Number is 3A51-1906
Windows is verifying files and folders...
File and folder verification is complete.
Windows has checked the file system and found no problem.
39,058,992 KB total disk space.
1,287,888 KB in 734 hidden files.
53,440 KB in 3,223 folders.
 8

22,328,464 KB in 67,626 files.

15,389,184 KB are available.

16,384 bytes in each allocation unit.

2,441,187 total allocation units on disk.
961,824 allocation units available on disk.

hostname
C:\Documents and Settings\Administrator>hostname
Amb

net account

C:\Documents and Settings\Administrator>net account

The syntax of this command is:

NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |

HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION |
SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]

arp

C:\Documents and Settings\Administrator>arp

Displays and modifies the IP-to-Physical address translation tables used by

address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]

ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

-a Displays current ARP entries by interrogating the current

protocol data. If inet_addr is specified, the IP and Physical
addresses for only the specified computer are displayed. If
more than one network interface uses ARP, entries for each ARP
table are displayed.
-g Same as -a.
inet_addr Specifies an internet address.
-N if_addr Displays the ARP entries for the network interface specified
by if_addr.
-d Deletes the host specified by inet_addr. inet_addr may be
wildcarded with * to delete all hosts.
-s Adds the host and associates the Internet address inet_addr
with the Physical address eth_addr. The Physical address is
given as 6 hexadecimal bytes separated by hyphens. The entry
is permanent.
eth_addr Specifies a physical address.
if_addr If present, this specifies the Internet address of the
interface whose address translation table should be modified.
If not present, the first applicable interface will be used.
Example:
> arp -s 157.55.85.212 00-aa-00-62-c6-09 .... Adds a static entry.
> arp -a .... Displays the arp table.
 9

AIM:

Modify the routing table using ipzroute

C:\Documents and Settings\Administrator>ipxroute

NWLink IPX Routing and Source Routing Control Program v2.00

Unable to open transport \Device\NwlnkIpx.

AIM:

Show tcp/ip

netsh>show mode tcp/ip

online

AIM:

Configure interfaces:

netsh>set

The following commands are available:

Commands in this context:

set machine - Sets the current machine on which to operate.
set mode - Sets the current mode to online or offline.
netsh>set interface
The following command was not found: set interface.
netsh>set mode interface
'mode' is not an acceptable value for 'interface'.
The parameter is incorrect.

netsh>set mode

Usage: set mode [ mode= ] { online | offline }

Parameters:

Tag Value
mode - One of the following values:
online: Commit changes immediately
offline: Delay commit until explicitly requested

Remarks:
Sets the current mode to online or offline.

netsh>set machine
 10

AIM:

To configure remote access

1. Open Network and Dial-up Connections.

2. Right-click the dial-up connection we want to configure, and then click
Properties.
3. On the Security tab, do one of the following:
o To select preconfigured combinations of identity authentication
methods and data encryption requirements, click Typical
(recommended settings), and in Validate my identity as follows,
click a method to use for validation.
Validate my Automatically use my Windows Require data
identity as logon name and password (and encryption
follows domain if any) (disconnect if none)
Allow unsecured
Unavailable Unavailable
password
Require secured
Available Available
password
Use smart card Unavailable Available
o To individually enable, configure, and disable authentication
methods and encryption requirements, click Advanced (custom
settings), and then click Settings.

Important

 Modifying Advanced (custom settings) requires a knowledge of security

protocols.

Note

 To open Network and Dial-up Connections, click Start, point to

Settings, and then click Network and Dial-up Connections
 11

LINUX / UNIX OPERATING SYSTEM

AIM:

Try to execute following commands and write the results of each

Ls aa ab abc agm rajesh biju sem2
Pwd home\sem
Ls –x a1 a2 a.c agm a.out desktop frmstat.ui install.log
Ls –al drwxr-x- - 33 root root 4096 oct 2 10:12 .
drwx—xr-x 33 root root 6 oct 2 10:42 a1
-rw-r- -r-- 33 root root 5 oct 2 12:30 a2
-rwxr-x— 33 root root 4 oct 2 12:45 a.c

AIM:

Make subdirectories called uni and linu in home directory Made? Now delete
the subdirectory called uni

Mkdir uni
Mkdir linu
Rmdir linu

AIM:

Create a file called “ignou.txt”.Now copy this file and paste to other
directory . Copied move the file also from one directory to other

Cat > ignou.txt

Cp ignou.txt \ab\a.txt
Mv ignou.txt \linu

AIM:

Change the permission of ignou.txt to rwxrwxr-x.Find out what are the

different commands available to change the permissions of files

Chmod a+x ignou.txt

Chmod g-w ignou.txt
Chmod o-w ignou.txt

AIM:

Find the files in home directory those names are starting with s and redirect
the output into a file redirecting.txt

Ls –l s* >redirecting.txt

AIM:

Change the password and write down the restrictions for given password

Passwd
Enter new password:
Re enter new password:
Restrictions to password
1.different from previous password
2.Have atleast 6 characters
 12

3.Are not common words found in dictionary

AIM:
Execute sleep 25 in the foregound, suspend it with Ctrl-z and then put it
into the backgound with bg.show all process running in background, bring any
process back into the foregound with fg. Repeat the same exercise using kill
to terminate the process and use & for sending into backgound.

Sleep 25 –s

AIM:

Write a shell script which returns the PID of a process and accept the name
of process

Ps e | grep init
Echo $a | cut –f1 –d “ “

AIM:

Send a message to all users which are online. Make provision so that you can
send messages to other users but others cannot. Use talk to send messages.

Mesg n

AIM:

Send a mail to yourself, and include ignou.txt inside the mail. Read the
mail you have sent to yourself. Save the piece of message and file into some
folder. Reply to yourself.

Mail root(user 1) ->

Mail amb(user 2)

AIM:

Use ping to find the round-trip delay to www.ignou.ac.in

Ping “www.ignou.ac.in”

AIM:

Use the ls command and grep to display all names starting with “s”
Ls|grep[^s]
 13

SYSTEM ADMINISTRATION USING UNIX & LINUX

AIM:

Delete the user which just now added

Deluser abc

AIM:

Write a message to inform all user “they should shut down their
machine after completing the lab exercise”

Wall “they should shut down their machine after completing the lab
exercise”
 14

WINDOWS 2000: INTRODUCTION TO NETWORKING

AIM:

Different System Tools And Administartive Tools

Computer Management
Use Computer Management to manage local or remote computers using a single,
consolidated desktop tool. It combines several Windows 2000 administration
utilities into a single console tree, providing easy access to a specific
computer's administrative properties and tools. Use Computer Management to:
 Monitor system events such as logon times and application errors.
 Create and manage shares.
 View a list of users connected to a local or remote computer.
 Start and stop system services such as the Task Scheduler and the
Spooler.
 Set properties for storage devices.
 View device configurations and add new device drivers.
 Manage server applications and services such as the Domain Name System
(DNS) service or the Dynamic Host Configuration Protocol (DHCP)
service.

Local Security Settings

The Security Settings node allows a security administrator to configure

security levels assigned to a Group Policy object or local computer policy.
This can be done after or instead of importing or applying a security
template.
 15

Event Viewer

Using the event logs in Event Viewer, you can gather information about
hardware, software, and system problems and monitor Windows 2000 security
events.
Windows 2000 records events in three kinds of logs:

The application log

The application log contains events logged by applications or programs. For

example, a database program might record a file error in the application log.
The developer decides which events to record.

The system log

The system log contains events logged by the Windows 2000 system components.
For example, the failure of a driver or other system component to load during
startup is recorded in the system log. The event types logged by system
components are predetermined.

The security log

The security log can record security events such as valid and invalid logon
attempts, as well as events related to resource use, such as creating,
opening, or deleting files. An administrator can specify what events are
recorded in the security log. For example, if you have enabled logon
auditing, attempts to log on to the system are recorded in the security log.

Services

Using Services, you can start, stop, pause, or resume services on remote and
local computers, and configure startup and recovery options. You can also
enable or disable services for a particular hardware profile.
With Services, you can:
 Manage services on local and remote computers, including remote
computers running Windows NT 4.0.
 Set up recovery actions to take place if a service fails, such as
restarting the service automatically or restarting the computer (on
computers running Windows 2000 only).
 Create custom names and descriptions for services so that you can
easily identify them (on computers running Windows 2000 only).
 16

Backup

The Backup utility helps you protect data from accidental loss due to
hardware or storage media failure. For example, using Backup you can create a
duplicate copy of the data on your hard disk by backing up the data to
another storage device such as a hard disk or a tape. In the event that the
original data on your hard disk is accidentally erased or overwritten, or
becomes inaccessible because of a hard disk malfunction, you can easily
restore the data from the backed up copy.
Using Backup, you can:
 Back up selected files and folders on your hard disk.
 Restore the backed up files and folders to your hard disk or any other
disk you can access.
 Create an Emergency Repair Disk (ERD), which will help you repair
system files in the event they get corrupted or are accidentally
erased.
 Make a copy of any Remote Storage data and any data stored in mounted
drives.
 Make a copy of your computer's System State, which includes such things
as the registry, the boot files, and the system files.
 Back up services on servers and domain controllers, including such
things as the Active Directory service database, the Certificate
Services database, and the File Replication service SYSVOL directory.
 Schedule regular backups to keep your backed up data up to date.
You can use Backup to back up and restore data on either FAT or NTFS volumes.
However, if you have backed up data from an NTFS volume used in Windows 2000,
it is recommended that you restore the data to an NTFS volume used in Windows
2000, or you could lose data as well as some file and folder features. For
example, permissions, encrypting file system (EFS) settings, disk quota
information, mounted drive information, and Remote Storage information will
 17

be lost if you back up data from an NTFS volume used in Windows 2000 and then
restore it to a FAT volume or an NTFS volume used in Windows NT 4.0.

Disk Defragmenter

Disk Defragmenter locates fragmented files and folders on local volumes. A

fragmented file or folder is split up into many pieces and scattered over a
volume.

When a volume contains a lot of fragmented files and folders, Windows takes
longer to gain access to them because it requires several additional disk
drive reads to collect the various pieces. Creating new files and folders
also takes longer because the free space available on the volume is
scattered. Windows must then save new files and folders to various locations
on the volume.

Disk Defragmenter moves the pieces of each file or folder to one location on
the volume, so that each occupies a single, contiguous space on the disk
drive. As a result, your system can gain access to your files and folders and
save new ones more efficiently. By consolidating your files and folders, Disk
Defragmenter also consolidates your free space, making it less likely that
new files will be fragmented.

The process of finding and consolidating fragmented files and folders is

called defragmentation. The amount of time that defragmentation takes depends
on several factors, including the size of the volume, the number of files on
the volume, the amount of fragmentation, and the available local system
resources. You can find all of the fragmented files and folders before
defragmenting them by analyzing the volume first. You can see how many
fragmented files and folders are saved on the volume and then decide whether
or not you would benefit from defragmenting the volume.

Disk Defragmenter can defragment FAT, FAT32, and NTFS formatted volumes.
For more information, see Related Topics.

System Information

System Information collects and displays your system configuration

information. Support technicians require specific information about your
computer when they are troubleshooting your configuration. You can use System
Information to quickly find the data they need to resolve your system
problem.

System Information displays a comprehensive view of your hardware, system

components, and software environment. The displayed system information is
organized into a system summary and three top-level categories that
 18

correspond to the Resources, Components, and Software Environment nodes on

the console tree.
 The System Summary node displays general information about your
computer and the version of Windows 2000 operating system installed.
This summary includes the name and type of your system, the name of
your Windows system directory, regional options, and statistics about
physical and virtual memory.
 The Hardware Resources node displays hardware-specific settings, namely
DMA, IRQs, I/O addresses, and memory addresses. The Conflicts/Sharing
node identifies devices that are sharing resources or are in conflict.
This can help identify problems with a device.
 The Components node displays information about your Windows
configuration and is used to determine the status of your device
drivers, networking, and multimedia software. In addition, there is a
comprehensive driver history, which shows changes made to your
components over time.
 The Software Environment node displays a snapshot of the software
loaded in computer memory. This information can be used to see if a
process is still running or to check version information.

Other applications may add nodes to System Information that display

information specific to the application.

You can use the View menu to switch between the display of Basic and Advanced
information. The Advanced view shows all of the information in the Basic view
plus additional information that may be of interest to the more advanced user
or to Microsoft Product Support Services.
 19

AIM:

To add a new user to the computer

1. Open Users and Passwords in Control Panel.

2. Click Add.
3. Follow the instructions on the screen.

Notes

 You must be logged on as an administrator or a member of the

Administrators group to use Users and Passwords.
 To open a Control Panel item, click Start, point to Settings, click
Control Panel, and then double-click the appropriate icon.
 If the computer is part of a domain, Add New User gives an existing
domain user permission to use the computer. If the computer is not part
of a domain, Add New User creates a new local user.
 If the computer is part of a domain, you can only add existing domain
users with Users and Passwords. To add a new local user, click the
Advanced tab and then click the Advanced button. In Local Users and
Groups, click Users, click Action, and then click Create User.
 You should not add a new user to the Administrators group unless the
user will perform only administrative tasks. For more information, see
Related Topics.

Types of access permissions for shares

The following types of access permissions can be applied to shared folders.

Read

Read permission allows:

o Viewing file names and subfolder names.
o Traversing to subfolders.
o Viewing data in files.
o Running program files.

Change

Change permission allows all Read permissions, plus:

o Adding files and subfolders.
o Changing data in files.
o Deleting subfolders and files.

Full Control

Full Control is the default permission applied to any new shares you create.
It allows all Read and Change permissions, plus:
o Changing permissions (NTFS files and folders only).
o Taking ownership (NTFS files and folders only).

Note
When a folder is shared, the default is to grant Full Access permissions to
the Everyone group.
 20

AIM:

To add a local Printer

1. Go to Settings, Printers, and start the add printer wizard.

2. Select Local Printer and Click next

3. Select the Printer Port. Say LPT1.

4. Select The Printer Manufacturer and Model.

5. Name the printer and Set to share the Printer if it has to be available in
the Network.
 21

6. After giving Location command and Print the test page. If all are ok,
Finalise the setting and complete the wizard.
 22

AIM:

To connect to a printer on a network

1. Open Printers.
2. Double-click Add Printer to start the Add Printer wizard, and then
click Next.
3. Click Network printer, and then click Next.
4. Connect to the desired printer by:
o Searching for it in the Active Directory.
o Typing its name using the following format, or clicking Next to
locate the printer on the network:
o Typing its URL using the following format:
5. Follow the instructions on the screen to finish connecting to the
network printer.

Notes

 To open Printers, click Start, point to Settings, and then click

Printers.
 If you are not logged on to a Windows 2000 domain running Active
Directory, the option to Find a printer in the Directory will not be
available.
 Connecting to a printer using its URL allows you to connect to printers
across the Internet providing you have permission to use that printer.
 If you cannot connect to your printer using the general URL format
above, please see your printer's documentation or contact your network
administrator.
 You can also connect to a printer by dragging the printer from the
Printers folder on the print server and dropping it into your Printers
folder, or by simply right-clicking the icon and then clicking Connect.
 After you have connected to a shared printer on the network, you can
use it as if it were attached to your computer.
 23

AIM:
Windows 2000 Active Directory and Domain controller.

The Active Directory (AD) of Windows 2000 Server and Windows Server
2003 basically manages all the information that is relevant in the network's
operation. This includes connections, applications, databases, printers,
users and groups. Microsoft's text describes it concisely: Active Directory
provides a standard way to name, describe, localize, manage, secure and
access these resources.

To Start Active Directory Installation, Run Dcpromo from Command Prompt

The dcpromo command is used to raise the level of the server to become an
Active Directory controller. The process takes approximately ten minutes and
is described briefly in the following.

We assume that there are no other servers in your network and therefore, we
want a controller for a new Active Directory infrastructure
 24

Afterwards, we define whether the new AD domain is to be integrated into an

existing system.

Active Directory uses its own database system in order to manage the
described information efficiently. Provided your environment could grow
quickly and the server could take on additional tasks, the database as well
as the log files should be swapped out to a separate hard disk in order to
keep system performance as high as possible.
 25

The SYSVOL folder is another specialty of the Active Directory because its
contents are replicated by all the Active Directory controllers in a domain.
This includes login scripts, group policies and other things that must be
available on other servers as well. The location of this folder can of
course be changed according to need.

There is no DNS Server running. So we need to install DNS Server.

After Installing Forward Lookup zone, We have to install Reverse lookup zone
also.

First We Create a Primary Zone.

After that We set Dynamic updates for this zone.

 26

After confirmation, the Reverse Lookup Zone is installed.

The last thing we still need is a pointer, which points to our subnet
192.168.1.0.
 27

By this The DNS and Active Directory Installation Finished.

 28

AIM:

Create a Hierarchical Directory Tree

A hierarchical representation of the folders, files, disk drives, and other

resources connected to a computer or network. For example, Windows Explorer
uses a tree view to display the resources that are attached to a computer or
a network.

AIM:

Share and Share Permissions.

I create a folder test uder c:\temp directry and set permissions as

follows.

Take Properties of Local Area Connction.

 29

AIM:

Install and Configure TCP/IP

Properties of TCP/IP

Enter Ip address, Subnet Mask, Default Gateway, and DNS Server entries.

Add WINS server Entries and Complete the Settings.

AIM:

Install a caching DNS server and find out how it reduces the network traffic

Windows 2000 authentication is implemented in two steps: an interactive logon

process and a network authentication process. Typically, the same set of
credentials is used by the interactive logon process and the network
authentication process. If your credentials differ, you are prompted to
provide Windows domain credentials each time you access a network resource.
You can avoid this by logging on to your computer using your Windows domain
name, your Windows domain user name, and Windows domain password before you
try to connect to a network resource. If you log on without being connected
to the network, Windows 2000 recognizes the information from a previous
successful logon. You receive the message "Windows cannot connect to a server
to confirm your logon settings. You have been logged on using previously
stored account information." When you connect to your network, the cached
credentials are passed to your Windows 2000 domain and you are able to access
network resources without having to provide a password again.

Limiting the number of protocols on your computer enhances network

performance and reduces network traffic

AIM:

Implement delegated zones for a Doman Name server

In the Macintosh environment, a logical grouping that simplifies browsing the

network for resources, such as servers and printers. It is similar to a
domain in Windows 2000 Server networking.

In a DNS (Domain Name System) database, a zone is a subtree of the DNS

database that is administered as a single separate entity, a DNS server. This
administrative unit can consist of a single domain or a domain with
 30

subdomains. A DNS zone administrator sets up one or more name servers for the
zone.
 31

WINDOWS 2000: SERVER MANAGEMENT

AIM:

Configuring Windows client as VPN client

VPN Client is an application that runs on a Microsoft® Windows®-based

PC, a Sun ultraSPARC workstations, a Linux desktop, or a Macintosh (Mac)
personal computer that meets the system requirements stated in the next
section. In this document, the term "PC" applies generically to all these
computers, unless specified otherwise.

The VPN Client on a remote PC, communicating with a Cisco VPN device at
an enterprise or service provider, creates a secure connection over the
Internet that lets you access a private network as if you were an on-site
user. This secure connection is a Virtual Private Network (VPN).

System Requirements
To install the VPN Client on any system, you need–CD-ROM drive (if you are
installing from CD-ROM) –Administrator privileges •The following table indicates the system
requirements to install the VPN Client on each of the supported platforms.
Computer Operating System Requirements
Computer with •Microsoft® Windows® 98 or •Microsoft TCP/IP installed.
a Pentium®- Windows 98 (second edition) (Confirm via Start > Settings >
class •Windows ME Control Panel > Network >
processor or •Windows NT® 4.0 (with Protocols or Configuration.)
greater Service Pack 6, or higher) •50 MB hard disk space.
•Windows 2000 •RAM:
•Windows XP –32 MB for Windows 98
–64 MB for Windows NT and
Windows ME
–64 MB for Windows 2000
(128 MB recommended)
–128 MB for Windows XP
(256 MB recommended)
Computer with RedHat Version 6.2 or later •32 MB Ram
and Intel x86 Linux (Intel), or compatible •50 MB hard disk space
processor libraries with glibc Version
2.1.1-6 or later, using
kernel Versions 2.2.12 or
later
Note The VPN Client does
not support SMP
(multiprocessor) or 64-bit
processor kernels.
Sun UltraSPARC 32-bit or 64-bit Solaris • 32 MB Ram
computer kernel OS Version 2.6 or • 50 MB hard disk space
later
Macintosh Mac OS X, Version 10.2.0 or 50 MB hard disk space
computer later

The VPN Client supports the following Cisco VPN devices:

 32

•Cisco VPN 3000 Concentrator Series, Version 3.0 and later.

•Cisco PIX Firewall, Version 6.2.2(122) or Version 6.3(1).
•isco IOS Routers, Version 12.2(8)T and later
If you are using Internet Explorer, use version 5.0, Service Pack 2 or
higher.

Installation Notes

The following files are included in this release:

vpnclient-win-msi-4.6.00.0049-k9.zip Windows client MSI installer
vpnclient-win-is-4.6.00.0045-k9.zip Windows client IS installer
vpnclient-darwin-4.6.00.0045-GUI-k9.dmg Mac OS X installer
vpnclient-linux-4.6.00.0045-k9.tar.gz Linux package
vpnclient-solaris-4.6.00.0045-k9.tar.Z Solaris package
vpn3000-4.1.6.bin VPN 30xx Concentrator code
vpn3005-4.1.6.bin VPN 3005 Concentrator code
update-4.6.00.0045.zip VPN Client AutoUpdate package

Because of platform differences, the installation instructions for

Windows and non-Windows platforms also differ.

The following notes are important for users who are upgrading to
Windows XP and users who want to downgrade to an earlier version of the VPN
Client software.

Installation Notes - Windows Platforms

Release 4.6 includes the following installation considerations for

Windows users:

Installing the VPN Client Software Using InstallShield

Installing the VPN Client software on Windows NT, Windows 2000, or

Windows XP with InstallShield requires Administrator privileges. If you do
not have Administrator privileges, you must have someone who has
Administrator privileges install the product for you. Note The VPN Client
Installer does not allow installations from a network drive (CSCeb43490).

Installing the VPN Client Software Using the MSI Installer

If you are using the MSI installer, you must have Windows NT-based
products such as Windows NT 4.0 (with SP6), Windows 2000, or Windows XP.
Installing with MSI also requires Administrator privileges.

When installing the Windows MSI installation package, the user must
manually uninstall the previous VPN Client if it is older than version 4.6.
The version 4.6 MSI installer does not detect older versions, and the
installer will attempt to install before aborting gracefully. Once a version
4.6 MSI package has been installed, future client versions will be able to
detect the existing version 4.6 installation and automatically begin the
uninstallation process.

VPN Client Installation Using Windows Installer (MSI) Requires Windows NT SP6
 33

When you attempt to install the VPN Client using MSI install
(vpnclient_en.exe) on NT SP3, SP4, or SP5, the error messages do not indicate
that the VPN Client cannot be installed on those operating systems because
they are unsupported. Once the errors occur, no other messages are displayed
and the installation is aborted.

When you attempt to run vpnclient_en.exe on Windows NT SP3, SP4, or SP5

you see the following messages:

"Cannot find the file instmsiw.exe (or one of its components). Make
sure the path and filename are correct and that all the required libraries
are available."
-then-
"Cannot find the file MSIEXEC (or one of its components). Make sure the
path and filename are correct and that all the required libraries are
available."

The Windows Installer (MSI) can be installed only on NT SP6, so the

error messages you see using earlier service packs are due to an MSI
incompatibility (CSCdy05049).

Installation Notes - Solaris Platforms

The following sections describe actions you must take when installing
the VPN Client on a Solaris platform.

Uninstall an Older VPN Client If Present on a Solaris Platform

If you have a previous version of the VPN Client running under Solaris,
you must uninstall the older VPN Client before installing a new VPN Client.
You are not required to uninstall an old VPN Client, if one is present,
before installing a new VPN Client for Linux or Mac OS X.

Disable the ipfilter Firewall Kernel Module Before Installing the VPN Client
on a Solaris Platform

If have an IP firewall installed on your workstation, the reboot after

installation of the VPN Client takes an inordinate amount of time. This is
caused by a conflict between the vpnclient kernel module cipsec and the
ipfilter firewall module. To work around this issue, disable the ipfilter
firewall kernel module before you install the VPN Client (CSCdw27781).

Using the VPN Client

•To use the VPN Client, you need –Direct network connection (cable or DSL
modem and network adapter/interface card), or –Internal or external modem,
and
•To connect using a digital certificate for authentication, you need a
digital certificate signed by one of the following Certificate Authorities
(CAs) installed on your PC: –Baltimore Technologies
(www.baltimoretechnologies.com) –Entrust Technologies (www.entrust.com) –
Netscape (www.netscape.com) –Verisign, Inc. (www.verisign.com) –Microsoft
Certificate Services — Windows 2000 –A digital certificate stored on a smart
card. The VPN Client supports smart cards via the MS CAPI Interface.
 34

WINDOWS 2000, SECUTIRY

AIM:
Protect client machine by using Internet Connection Firewall(ICF)

Windows 2000 includes a Firewall to protect your system against unwanted "visitors" from the
Internet ( but not controlling connections from your system to the Internet, for which you would
need to install a Non-Microsoft Firewall, like ZoneAlarm ) , which is configured using the
Properties
of the modem-connection :( using the Firewall on a LAN connection will cause network access
problems to your system )

In the properties of the

Internet Connection :
tab: Advanced.

make sure, that the checkmark

is placed for
the Internet Connection
Firewall.

Using Settings, you can

configure the firewall.

tab : Services

The list of programs, which

could run on your
system.
By default, no access is
allowed from the
Internet to your system to any
of these services.

Unless you need to grant such

an access,
do NOT activate any of these
services.
tab: Security Logging

Allows to activate a log-file

 35

tab : ICMP

ICMP (Internet Control Message

Protocol is
part of TCP/IP, the most common
use is the
PING program to test a network
connection.

By default, the firewall will

NOT respond to
any ICMP , incl. PING, from the
Internet.

Advanced Setup:
In case you have the Internet
Information Server
(maybe including the FTP-
server) installed and you
like to allow access from the
Internet, then you
need to place the Check-marks
(you are prompted
to confirm the system allowed
to be accessed)

Activate ONLY the service,

which people
need to access from the
Internet.
 36

tab: ICMP

To allow people on the Internet

to test, that the
connection is working to your
system, you should
allow incoming echo requests
(PING-requests).

Warning: now your systems

becomes also
visible for all these "bad boys
and girls", which
probe all IP-addresses on the
Internet and then
try to find out which system
they had found, and
some of them may try to damage
your system !
 37

AIM:

Configure TCP/IP packet filter

Click Start , point to Settings , click Control Panel , and then

1.
double-click Network and Dial-up Connections .
Right-click the interface on which you want to configure inbound
2.
access control, and then click Properties .
In the Components checked are used by this connection box, click
3.
Internet Protocol (TCP/IP) , and then click Properties .
In the Internet Protocol (TCP/IP) Properties dialog box, click
4.
Advanced .
5. Click the Options tab.
6. Click TCP/IP filtering , and then click Properties .
Select the Enable TCP/IP Filtering (All adapters) check box. When
you select this check box, you enable filtering for all adapters,
7.
but you configure the filters on a per-adapter basis. The same
filters do not apply to all adapters.
There are three columns with the following labels:
TCP Ports
UDP Ports
IP Protocols
In each column, you must select either of the following options:
Permit All . If you want to permit all packets for TCP or UDP
traffic, leave Permit All activated.

Permit Only . If you want to allow only selected TCP or UDP

8. traffic, click Permit Only , click Add , and then type the
appropriate port in the Add Filter dialog box.
If you want to block all UDP or TCP traffic, click Permit Only ,
but do not add any port numbers in the UDP Ports or TCP Port
column. You cannot block UDP or TCP traffic by selecting Permit
Only for IP Protocols and excluding IP protocols 6 and 17.

Note that you cannot block ICMP messages, even if you select Permit
Only in the IP Protocols column and you do not include IP protocol
1.

TCP/IP Filtering can filter only inbound traffic. This feature does not
affect outbound traffic or response ports that are created to accept
responses from outbound requests. Use IPSec Policies or packet filtering if
you require more control over outbound access.
 38

AIM:

Monitoring IP Multicast Routing

Command  Purpose
Router# mrinfo [hostname |
address] [source-address |
interface]
Router# mstat source
[destination] [group]
Router# mtrace source
[destination][group]
 
Query a multicast router about which
neighboring multicast routers are
peering with it.
Display IP multicast packet rate and
loss information.
Traces the path from a source to a
destination branch for a multicast
distribution tree for a given group.

AIM:

To create an IPSec Policy

1. Using HQ-RES-WRK-01, in the left pane of the MMC Console, right-click

IP Security Policies on Local Machine, and then click Create IP Security
Policy. The IP Security Policy Wizard appears.

2. Click Next.

3. Type Partner as the name of your policy, and click Next.

4. Clear the Activate the default response rule check box, and then click
Next.

5. Make sure the Edit Properties check box is selected (it is by default),
and then click Finish.

6. In the Properties dialog box for the policy you have just created,
ensure that Use Add Wizard check box in the lower-right corner is selected,
and then click Add to start the Security Rule Wizard.

7. Click Next to proceed through the Security Rule Wizard, which you
started at the end of the previous section.

8. Select This rule does not specify a tunnel, (selected by default) and
then click Next.

9. Select the radio button for All network connections, (selected by

default) and click Next.
 39

WINDOWS 2000: NETWORK MANAGEMENT

AIM:

Creation of Group Policy objects

1. Open Active Directory Users and Computers.

2. In the console tree, click Users.
3. In the Name column in the details pane, double-click Group Policy
Creator Owners.
4. In the Group Policy Creator Owners Properties dialog box, click the
Members tab.
5. Click Add, and then double click the name of each user or security
group to whom you want to delegate creation rights.
6. Click OK in the Select Users, Contacts, or Computers dialog box, and
then click OK in the Group Policy Creator Owners Properties dialog box.

Notes
 To start Active Directory Users and Computers, open a Remote Desk Top
connection to either a Windows 2000 domain controller or a member
server that has Windows 2000 Administration Tools installed. You must
log on to the server as a domain administrator in order to complete
this procedure.
 By default, only domain administrators, enterprise administrators,
Group Policy Creator Owners, and the operating system can create new
Group Policy Objects. If the domain administrator wants a
nonadministrator or a group to be able to create Group Policy objects,
that user or group can be added to the Group Policy Creator Owners
security group. When a user who is not an administrator, but who is a
member of the Group Policy Creator Owners group, creates a Group Policy
object, that user becomes the creator and owner of the Group Policy
object; therefore, that user can edit the Group Policy object. Being a
member of the Group Policy Creator Owners group gives the user full
control of only those Group Policy objects that the user creates or
those Group Policy objects that are explicitly delegated to that user.
It does not give the nonadministrator user any additional rights over
other Group Policy objects for the domain—these users are not granted
rights over Group Policy objects that they did not create.
 When an administrator creates a Group Policy object, the Domain
Administrators group becomes the Creator Owner of the Group Policy
object.
 When you delegate this task to nonadministrators, also consider
delegating the ability to manage the links for a specific
organizational unit. The reason for this is that, by default,
nonadministrators cannot manage links, and the inability to manage
links prevents them from being able to use the Active Directory Users
and Computers snap-in to create a Group Policy object.
 40

WINDOWS 2000 : TROUBLESHOOTING

AIM:

Backup the recovery agent Encrypting File System9EFS) Private key:

1. Use Backup or another backup tool to restore a user's backup version of

the encrypted file or folder to the computer where your file recovery
certificate and recovery key are located.
2. Open windows Explorer.
3. Right-click the file or folder and then click Properties.
4. On the General tab, click Advanced.
5. Clear the Encrypt contents to secure data check box.
6. Make a backup version of the decrypted file or folder and return the
backup version to the user.

Notes
 To open Windows Explorer, click Start, point to All Programs, point to
Accessories, and then click Windows Explorer.
 You can return the backup version of the decrypted file or folder to
the user as an e-mail attachment, on a floppy disk, or on a network
share.
 You can also physically transport the recovery agent's private key and
certificate, import the private key and certificate, decrypt the file
or folder, and then delete the imported private key and certificate.
This procedure exposes the private key more than the procedure above
but does not require any backup or restore operations or file
transportation.
 If you are the recovery agent, use the Export command from Certificates
in Microsoft Management Console (MMC) to export the file recovery
certificate and private key to a floppy disk. Keep the floppy disk in a
secure location. Then, if the file recovery certificate or private key
on your computer is ever damaged or deleted, you can use the Import
command from Certificates in MMC to replace the damaged or deleted
certificate and private key with the ones you have backed up on the
floppy disk.
 For more information about using Certificates in MMC, see Related
Topics.

