
Chapter 1

Introduction to Windows Server 2003

Two main goals for Net Admin

Make network resources available to users

Files, folders, printers, etc.

Secure the network so that resources are available to users with proper permissions.

Four Main WS03 Editions

Standard: small to large businesses

Enterprise: for organizations that support higher end apps for more users

Datacenter: for mission critical applications, very large databases, and high availability

Web: for hosting and deploying web services and related applications

WS03 Standard Edition

Base level server license for small to medium companies or workgroups

Up to four processors (symmetric multiprocessing)

Up to 4 GB RAM supported per server

Includes Active Directory support

PCC price with 5 CALs: $950

WS03 Enterprise Edition

Designed for the enterprise: supports server clusters for reliability and performance

8-node clustering available

Up to 8 processors per server node

Up to 64 GB RAM support

PCC price with 5 CALs: $3660

WS03 Datacenter Edition

Designed to support very large databases in the enterprise

Up to 32-way symmetric multiprocessing

8-node clustering

Up to 64 GB RAM

Very high availability

Purchase from OEM: one-stop shopping for hardware, software, and operating system (1 call)

WS03 Web Edition

Lower cost than Standard Edition

Includes IIS (Internet Information Services) and .NET Platform with ASP support

Dedicated web services

Up to 2 symmetric multiprocessors

Up to 2 GB RAM

Cannot install non-web service applications!

Cannot be a domain controller but can be part of an Active Directory domain

Other Windows 2003 Servers

R2 released in December 2005 in each main edition

Essentially it is Service Pack 2 with streamlined server management features

Small Business Server - entry level server, for smaller companies

PCC price $560 with 5 CALs

Supports up to 50 client computers

Offers e-mail, file sharing, printing, fax

Two editions: standard and premium

Includes Microsoft Exchange

Two WS03 Security Models


Workgroup model

A logical group of computers (e.g. departmental)

Decentralized security, on each server or peer

Users need an account on each server or resource they access in the workgroup model

Thus not scalable: keep to fewer than 10-20 clients

Can use peer to peer with no WS03 server

Domain model

Central control of security via Active Directory authentication (global permissions database)

Requires at least one server configured as a domain controller


Type of Server Roles

Standalone server: user accounts only on that machine (workgroup model or in domain)

Member server: member of an Active Directory domain

Domain Controller: server contains user accounts and permissions for all the domain's servers

User has just one account for the domain and is given permission for all appropriate objects in the AD

When a user logs in, the DC authenticates by checking the AD database

If there is more than one DC server, the Active Directory permissions database can be replicated in case of failure of the DC

Managing with Workgroups

All members of the workgroup must list the same workgroup name in the Computer Name property tab of the System Properties dialog box (My Computer | Properties)

In Administrative Tools, can use the Local Users and Groups command to create/maintain users.

In Active Directory, this command is grayed out and a separate one exists

Active Directory Overview

Domain has a unique name

Is organized in a hierarchy with organizational units (OUs) fashioned after the company's own org chart

Organizational Unit is a container that holds other objects in the domain

Tree is a hierarchical collection of domains

Forest is a collection of trees that do not share a contiguous DNS naming structure

What do I have?

Go to Computer Name property tab of System Properties dialog box (My Computer | Properties) [see p. 10]

It will state whether Workgroup or Domain

If you have a workgroup server, it can be converted to a domain, but it is complex and will take a while

Best with >10 clients to use Active Directory and set up domains.

Computer Accounts

On a workstation, must have administrator permission to view these

Dilemma: do you give your users administrator status?

This allows them to adjust things more effectively, but they can also damage settings!

Right click My Computer and choose Manage, or click Start, then Administrative Tools, then Computer Management.

To check local accounts

Local Users and Groups

To view the Properties of a user or group, right click that name in the right pane and choose Properties

Choose how often the password is changed

Choose which groups this user is a member of

Change the login profile file or default path

To reset the password, right click the user and choose Set Password.

User Accounts in AD

Click Start, Administrative Tools, Active Directory Users and Groups

Choose domain

Select the desired object group

Builtin, Computers, Domain Controllers, ForeignSecurityPrincipals, or Users

Many more options are available here (more later)

Right click user or group and choose Properties


Network Management and Maintenance Overview

Five focus areas for a LAN admin: managing and maintaining:

Physical and logical devices (mostly hardware)

Users, computers, and groups (most common)

Access to resources (sharing permissions)

A server environment (configuring WS03)

Disaster recovery (backup and restore, disaster planning)


MMC: Microsoft Management Console

The window style used in Administrative Tools for most of the tools

Can build a custom MMC with just the tools you use most often

Click Start, Run, type MMC and click OK

Use File | Add/Remove Snap-in command

Click Add to choose tools

File | Save As and give the name you want

It will be saved in Administrative Tools and you can drag it to the desktop or into the quick start menu list.

Active Directory

Establishes domain security: a central point for storing and controlling network objects

Single authentication point (although you can have other domain controllers for backup purposes)

AD uses domain name service (DNS) to maintain structures:

frank.net could be the name of the domain

Child domain is campus.frank.net (as prefix)

Active Directory Schema

This is the definition of the objects and their security parameters

Logical objects

Domains and organizational units

Trees and forests

Global catalog


Domains and OUs

Organizational unit: a logical container for organizing objects within a single domain

Objects such as users, groups, computers, printers, and other OUs can be stored in an OU container

May have multiple domains to make it easier to administer


Trees and Forest

May have multiple domains within an enterprise (like 431 servers)

Ex: divisions within the company where each has its own domain.

They may be administered individually

Might have different password policies between divisions

Tree is the collection of domains that share a contiguous DNS naming structure

Forest is a collection of trees that do not share a contiguous DNS naming structure

Do not have to have multiple domains
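The tree and forest definitions above can be applied mechanically to a list of domain names. The following is an added example, not part of the original slides: it groups constructed sample domains into trees by contiguous DNS namespace, comparing whole labels so that a look-alike name such as notfrank.net is not mistaken for a child of frank.net. The function names and all domains other than frank.net and campus.frank.net are assumptions made for illustration.

```python
# Added example: group domain names into trees by contiguous DNS namespace.
# The domain lists passed in are constructed sample data.

def labels(name):
    """Lower-cased DNS labels, e.g. 'Campus.Frank.net.' -> ['campus', 'frank', 'net']."""
    return name.strip(".").lower().split(".")


def is_descendant(child, ancestor):
    """True if `child` sits strictly below `ancestor` in the DNS namespace."""
    c, a = labels(child), labels(ancestor)
    # Compare whole labels, not raw string suffixes:
    # 'notfrank.net' ends with 'frank.net' but is not part of that tree.
    return len(c) > len(a) and c[-len(a):] == a


def build_forest(domains):
    """Return {tree_root: sorted list of domains in that tree}."""
    # Shortest names first, so a tree root is always seen before its children.
    names = sorted({d.strip(".").lower() for d in domains},
                   key=lambda d: len(labels(d)))
    trees = {}
    for d in names:
        roots = [r for r in trees if is_descendant(d, r)]
        if roots:
            trees[roots[0]].append(d)   # contiguous name: joins an existing tree
        else:
            trees[d] = [d]              # non-contiguous name: starts a new tree
    return {root: sorted(members) for root, members in trees.items()}


if __name__ == "__main__":
    sample = ["frank.net", "campus.frank.net", "lab.campus.frank.net",
              "notfrank.net", "example.org"]
    for root, members in build_forest(sample).items():
        print(root, "->", members)
```
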


Global Catalog

An index and partial replica of objects and attributes that are used most often throughout the AD structure

It is available to any server within the forest that is configured to be a global catalog server

Enables users to find AD information from anywhere in the forest (names, email address)

See p. 32 in chapter 1


Other AD Concepts

If you have a server called database.frank.net, your workstation queries the DNS server to resolve its IP address.

When you log on, your workstation queries DNS to find a domain controller to authenticate

LDAP (lightweight directory access protocol) is used to query or update AD.

Naming paths

Distinguished Name: every object has one

Relative Distinguished Name: the portion of the DN that uniquely identifies the object within the container.
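To make the naming paths concrete, the following added example (not part of the original slides) splits a distinguished name into its relative distinguished name and parent container, and derives the DNS domain from the DC components. It handles backslash-escaped commas, which a plain split on "," gets wrong. The sample DN is constructed, the function names are assumptions, and the `_ldap._tcp.dc._msdcs.<domain>` SRV name used for domain controller lookup comes from standard Active Directory behaviour rather than from this page; multi-valued RDNs and multi-byte hex escapes are out of scope.

```python
import re

# Added example: parse an LDAP distinguished name (DN) into its parts.

def split_unescaped(s, sep):
    """Split s on sep, skipping any separator protected by a backslash."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]      # keep the escape pair intact for now
            i += 2
        elif s[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += s[i]
            i += 1
    parts.append(cur)
    return parts


def unescape(value):
    """Decode backslash-hex pairs and backslash-char escapes in a single pass."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)


def parse_dn(dn):
    """Return [(ATTR, value), ...], leftmost (most specific) RDN first."""
    rdns = []
    for piece in split_unescaped(dn, ","):
        attr, _, value = piece.lstrip().partition("=")
        rdns.append((attr.strip().upper(), unescape(value)))
    return rdns


def describe(dn):
    """Summarise a DN: its RDN, parent container, DNS domain, DC locator name."""
    pieces = [p.lstrip() for p in split_unescaped(dn, ",")]
    domain = ".".join(v for a, v in parse_dn(dn) if a == "DC")
    return {
        "rdn": pieces[0],                      # unique within its container
        "parent": ",".join(pieces[1:]),        # DN of the containing object
        "dns_domain": domain,                  # DC=campus,DC=frank,DC=net -> campus.frank.net
        "dc_locator_srv": "_ldap._tcp.dc._msdcs." + domain,
    }


if __name__ == "__main__":
    # Constructed sample DN; the comma inside the CN is escaped.
    print(describe(r"CN=Smith\, John,OU=Staff,DC=campus,DC=frank,DC=net"))
```
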