To my loving wife of more than 9 years, who continues to provide me love and encouragement even when I don't deserve it.
Acknowledgments
No book is written alone. Instead, there is a wealth of people working behind the scenes to help make a book the best possible. I'm grateful for the hard work put in behind the scenes by several people. Kamal Harmoni, Kharizan, Hj. Shukri, Fadhlina, Ruslan, Azzahari, Alanto, and Nor Izwan all provided a significant amount of work that helped produce this book. I'm grateful to each of them.
Table Of Contents
Exercise 1 Installing Windows Server 2008
Exercise 2 Initial Configuration
Exercise 3
Exercise 4
Exercise 5
Exercise 6
Exercise 7
Exercise 8
Exercise 9
Exercise 10
Exercise 11
Exercise 12 Logon Scripts
Exercise 13 Home Directories
Exercise 14 Disk Quotas
Exercise 15
Exercise 16 Viewing Events
Exercise 17 Auditing
Exercise 18
Exercise 19
Exercise 20
Exercise 21
Exercise 22
Exercise 1
Zulfadli Bin Mohd Saad Computer Engineering Technology, Department of Electronic MARA Vocational Institute, Lumut, Perak.
Hardware Requirements
Table 1.1 lists the basic system requirements for Windows Server 2008 editions.
Requirement               Standard                      Enterprise                    Datacenter
Processor (min)           1 GHz (x86) / 1.4 GHz (x64)   1 GHz (x86) / 1.4 GHz (x64)   1 GHz (x86) / 1.4 GHz (x64)
Processor (recommended)   2 GHz or faster               2 GHz or faster               2 GHz or faster
Memory (min)              512 MB                        512 MB                        512 MB
Memory (recommended)      2 GB or more                  2 GB or more                  2 GB or more
Memory (max)              4 GB (32 bit), 32 GB (64 bit) 64 GB (32 bit), 2 TB (64 bit) 64 GB (32 bit), 2 TB (64 bit)
Disk space (min)          10 GB                         10 GB                         10 GB
Disk space (recommended)  40 GB                         40 GB                         40 GB
TABLE 1.1 Hardware requirements for Windows Server 2008 editions.
Hardware resources would need to be increased for any systems using Hyper-V technology and running virtual machines. For example, if you're running three virtual servers within a Windows Server 2008 Enterprise edition, you would need additional processing power, more memory, and more disk space.
Beware, though. These files are quite large. If you're using a slower dial-up link, you might want to see whether Microsoft is currently offering an evaluation DVD via regular mail. There's a nominal cost involved with this option, but it's better than trying to download more than 2GB at 56KB. The download is an .iso image of the actual DVD. Search with your favorite search engine for "Download Windows Server 2008", and you'll find the link. Once you download the .iso image, you can burn it to a DVD. If you don't have the software needed to burn it to DVD, you can use one of many freeware utilities (such as ImgBurn) to burn the .iso image to your DVD.
EXERCISE 1.1 Installing Windows Server 2008
1. Insert the Windows Server 2008 DVD into your DVD drive. Boot your PC using the Windows Server 2008 DVD.
2. Language and Keyboard Options. This allows you to specify your language and your keyboard layout. By default, the text input language and method is US keyboard layout (Figure 0001).
Figure 0001 : Language and Keyboard Options
2.1. Click Next to continue.
3. Windows Server 2008 Setup. You are presented with options to install, view brief information about Server 2008, or repair (Figure 0002).
Figure 0002 : Windows Server 2008 Setup
3.1 Click Install now to start setting up Windows Server 2008 on this computer.
4. Product Key and Activation
Figure 0003 : Product Key and Activation
4.1 Enter your "Product Key" for activation now, or you can enter it later (Figure 0003).
Figure 0004 : Product Key Warning
4.3. If you leave the product key box blank, the warning window will appear (Figure 0004); just click No to continue.
5. Windows Server Version
5.1. Select Windows Server 2008 Enterprise (Full Installation), as shown in Figure 0005.
Figure 0005 : Windows Version
5.2. Tick the box I have selected the edition of Windows that I purchased.
5.3. Click Next.
6. Windows Server 2008 License Agreement
6.1. Read the terms of the license agreement. If you accept (which, of course, you have to do to continue installation), tick the box I accept the license terms (Figure 0006).
Figure 0006 : Windows Server 2008 License Agreement
6.2. Click Next to continue.
7. Installation Options. You are presented with options to Upgrade or Custom (advanced). Click Custom (advanced) (Figure 0007).
Figure 0007 : Installation Options
8. Partition Options
8.1. Click Drive options (advanced) (Figure 0008).
8.6. Click Next. The partition will be formatted with NTFS as part of the installation. At this point, take a break. The installation will continue on its own.
9. First Time Login. When you log in for the first time, a Windows warning will appear asking you to change the user password before logging on for the first time (Figure 0013).
10. Change Administrator Password.
10.1 Enter a new password in the two text boxes (Figure 0014). Enter Pr@ctice in this exercise. It meets complexity requirements and doesn't require you to remember multiple passwords. Don't use this password on a production server.
Figure 0014 : Change Administrator password
10.2 Press the Enter key after the passwords are entered.
Figure 0015 : Password changed successfully
10.3 Once the password has been changed, the screen indicates success (Figure 0015). Click OK.
Summary
In this section you installed Windows Server 2008 on a computer. In the following exercises you will set the time zone, install Active Directory and other services, and create a small network for you to administer.
Exercise 2
Initial Configuration
Figure 0016 : Set time zone
2. Click Change time zone (Figure 0017).
3. Select the time zone appropriate for your location, e.g. (GMT+08:00) Kuala Lumpur, Singapore (Figure 0018).
Figure 0018 : Time zone
4. Click OK.
5. Click OK again (Figure 0019).
Configuring Network
In this section, you'll learn how to configure networking on your server. Make sure you have hooked up your server to the network before you start.
EXERCISE 2.2 Configuring Network
1. In Initial Configuration Tasks, select Configure networking (Figure 0020).
Figure 0022 : Local Area Connection Properties
4. Uncheck Internet Protocol Version 6 (TCP/IPv6), because we use TCP/IPv4 only (Figure 0023).
5. Select Internet Protocol Version 4 (TCP/IPv4), and click the Properties button (Figure 0024).
Figure 0024 : TCP/IPv4
6. Now set your server IP address, and ensure that you are using a static IP address. For this exercise, I'm using number 21 as my server station number (Figure 0025).
Tips: Use the following IP address:
IP address : 192.168.2.SN (server station number)
Subnet mask : 255.255.255.0
Default gateway : 192.168.2.ISIP (internet server IP address)
Use the following DNS server address:
Preferred DNS server : 192.168.2.DNS (1st DNS server IP address)
Alternate DNS server : ___.___.___.___ (2nd DNS server IP address)
Figure 0025 : Static IP address
7. Click the Advanced button after you finish setting your IP address (Figure 0025).
8. Select the DNS tab (Figure 0026).
Figure 0026 : Advanced TCP/IP Setting
9. Specify myserver.com as the DNS suffix for this connection (Figure 0026).
10. Tick the Use this connection's DNS suffix in DNS registration box (Figure 0026).
11. Click OK (Figure 0026).
12. Click OK again.
13. Click the Close button to close Local Area Connection Properties (Figure 0027).
Figure 0027 : Local Area Connection Properties
14. Click the Close button to close Local Area Connection Status.
15. Close Network Connection properties (Figure 0028).
Figure 0029 : Provide computer name and domain
2. Click the Change... button (Figure 0030).
3. Key in your server name in the Computer name: box. In this exercise I use server21 as my computer name (Figure 0031). Then click OK.
4. Windows reminds you to restart your computer to apply the changes. Click OK.
Summary
In this section you have configured the time zone, networking and computer name for your Server 2008. In the following exercises you will install Active Directory and other services for you to administer.
Exercise 3
Exercise 3 : Installing and Configuring DNS
Installing Domain Name System (DNS) Services Role
In this section, you'll learn how to implement a domain name server for your network. Domain Name System (DNS) provides a standard method for associating names with numeric Internet addresses. This makes it possible for users to refer to network computers by using easy-to-remember names instead of a long series of numbers. Windows DNS services can be integrated with Dynamic Host Configuration Protocol (DHCP) services on Windows, eliminating the need to add DNS records as computers are added to the network.
The first step is to ensure that you are using a static IP address and that the DNS settings on the computer have been correctly configured. Make sure you have hooked up your PC to the network and you are using a static IP address before you start.
EXERCISE 3.1 Installing Domain Name System (DNS) Services Role
1. Launch Server Manager. Click Start > Administrative Tools > Server Manager (Figure 0036).
Figure 0038 : Add Roles
4. On the Before You Begin page, review the requirements, and click Next (Figure 0039).
5. On the Select Server Role page, select the check box next to DNS Server, and click Next (Figure 0040).
Figure 0040 : Server Roles DNS Server
6. On the DNS Server page, review the information, and click Next (Figure 0041).
8. On the Installation Result page, review the information. Click Close to continue (Figure 0044).
EXERCISE 3.2 Configuring Domain Name System (DNS)
9. Launch DNS Manager. Click Start > Administrative Tools > DNS (Figure 0045).
10. Double-click the computer icon to expand the DNS Server (Figure 0046).
EXERCISE 3.2.1 Configuring Forward Lookup Zones
11. Click Forward Lookup Zones first, and then right-click it.
12. Select New Zone (Figure 0047).
13. The New Zone welcome wizard appears. Click Next to continue (Figure 0048).
14. Select Primary zone and click the Next button (Figure 0049).
Figure 0049 : Zone Type
15. The New Zone Wizard dialog box requests the name for the zone. Enter the name that has been assigned to your domain (this example uses myserver.com) (Figure 0050).
Figure 0050 : Zone Name
16. Once you have entered the correct name for the zone, click the Next button to continue.
17. The dialog box now displays the name that will be used for the new zone file. Leave the filename as suggested, then click Next (Figure 0051).
Figure 0051 : Zone File
18. Select the option "Allow both nonsecure and secure dynamic updates". Click Next to continue (Figure 0052).
19. Click Finish to close the wizard and create the new zone (Figure 0053).
EXERCISE 3.2.2 Creating Forward Lookup Zones New Host
20. Double-click to expand Forward Lookup Zones.
21. Right-click myserver.com and select New Host (Figure 0054).
22. Enter the IP address for the DNS server (myserver.com) and click Add Host (Figure 0055).
Figure 0055 : New Host
23. Click the OK button.
24. Click the Done button to exit the New Host Wizard.
25. After you finish configuring Forward Lookup Zones, recheck that myserver.com has at least three (3) types of resource record: (SOA), (NS) and (A) (Figure 0056).
EXERCISE 3.3 Configuring Reverse Lookup Zones
26. Click Reverse Lookup Zones.
27. Right-click Reverse Lookup Zones and select New Zone (Figure 0057).
Figure 0057 : Add a New Zone
28. The New Zone welcome wizard appears. Click Next to continue (Figure 0058).
29. Select Primary zone and click the Next button (Figure 0059).
30. Select IPv4 Reverse Lookup Zone and click Next to continue (Figure 0060).
31. A reverse zone maps IP addresses to computer names, so it has to know what range of IP addresses it will be responsible for. Enter the first 3 octets of the IP address that has been allocated to your network domain (Figure 0061).
Figure 0061 : Network ID
32. After entering the network ID, click the Next button to continue.
33. The wizard will display the name of the reverse zone file that it will create. Leave the filename as suggested, then click Next (Figure 0062).
34. Select the option "Allow both nonsecure and secure dynamic updates". Click Next to continue (Figure 0063).
Figure 0063 : Dynamic Updates
35. Click Finish to close the wizard and create the new zone (Figure 0064).
EXERCISE 3.3.1 Creating Reverse Lookup Zones New Pointer (PTR)
36. In the DNS manager window, double-click the computer icon and expand the Reverse Lookup Zone field.
37. Expand the subnet field.
38. Right-click the subnet field and select New Pointer (Figure 0065).
Figure 0066 : Host IP Address
40. Click the Browse button to browse for the host name.
Figure 0069 : Browse Host Name Domain.com
44. Double-click the Host (A) record (Figure 0070).
46. After you finish configuring Reverse Lookup Zones, recheck the subnet field. It must have at least three (3) types of resource record: (SOA), (NS) and (PTR) (Figure 0072).
EXERCISE 3.4 Testing The DNS Server
In this section you verify that the DNS Server is installed, running, and correctly configured.
47. In the DNS manager window, right-click the computer icon and select Properties (Figure 0073).
49. Enable both tests and click the Test Now button (Figure 0075).
Figure 0075 : DNS Server Properties - Monitoring
Do not proceed until the test results for Simple Query indicate Pass. Your recursive query result will indicate Fail because we did not configure our DNS to query other DNS servers.
50. Click OK to continue.
51. Close the DNS Manager.
EXERCISE 3.5 Testing The DNS Server Using NSLOOKUP To Query DNS
In this exercise you will use a client tool to check the operation of the DNS server. You will query both a forward and a reverse lookup.
52. Launch Run. Click Start > Run (Figure 0076).
54. A command prompt DOS window will appear with the program nslookup running in it (Figure 0078). The default server name and IP address of the DNS server will be shown.
55. To perform a forward lookup (resolve a computer name to an IP address), enter the name of the computer (e.g. myserver.com) (Figure 0079).
56. Press ENTER. Your query result will be the same as Figure 0080 below.
57. To perform a reverse lookup (resolve an IP address to a computer name), enter the IP address given in step 56 and press ENTER (Figure 0081).
Figure 0081 : Query Reverse Lookup
58. Close the command prompt window (Figure 0082).
Summary
The DNS server is a database that manages computer names and their IP addresses. Zone files are used to store this information. Within a zone, a forward lookup resolves computer names to IP addresses. A reverse zone resolves IP addresses to computer names. A client tool such as NSLOOKUP can be used to test the operation of a DNS server.
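The forward and reverse zones built in Exercises 3.2 and 3.3 both accept nonsecure dynamic updates, so records can be registered by any host on the network; the following added example (not part of the original manual) derives the reverse zone name from the three-octet network ID and checks that every A record has a PTR that resolves back to it, and that every PTR has a matching A record. The record sets are constructed for illustration using the lab's 192.168.2.x addressing and host names; printer.myserver.com and its address are hypothetical.

```python
"""Forward/reverse consistency check for a lab DNS zone (added example)."""
import ipaddress


def reverse_zone_name(network_id):
    """Map a three-octet network ID such as '192.168.2' to its reverse zone."""
    octets = network_id.split(".")
    if len(octets) != 3 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("expected the first three octets, e.g. 192.168.2")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(ip):
    """Owner name of the PTR record that belongs to an IPv4 address."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def _norm(name):
    """DNS names compare case-insensitively and ignore the trailing dot."""
    return name.rstrip(".").lower()


def check_zone(a_records, ptr_records, network_id):
    """Return (record, problem) tuples for records that fail the round trip.

    a_records:   {host name: IPv4 address}    forward zone, A records
    ptr_records: {PTR owner name: host name}  reverse zone, PTR records
    """
    zone = reverse_zone_name(network_id)
    forward = {_norm(n): ip for n, ip in a_records.items()}
    reverse = {_norm(o): _norm(t) for o, t in ptr_records.items()}
    problems = []

    # Every A record should have a PTR whose target resolves to the same IP.
    for name, ip in sorted(forward.items()):
        owner = ptr_owner(ip)
        if not owner.endswith("." + zone):
            problems.append((name, "A-outside-reverse-zone"))
        elif owner not in reverse:
            problems.append((name, "A-without-PTR"))
        elif forward.get(reverse[owner]) != ip:
            problems.append((name, "PTR-target-does-not-resolve-back"))

    # Every PTR should point at a name that has an A record for that address.
    for owner, target in sorted(reverse.items()):
        ip = forward.get(target)
        if ip is None or ptr_owner(ip) != owner:
            problems.append((owner, "PTR-without-matching-A"))
    return problems


# Constructed sample data (not an export from a real server).
LAB_A = {
    "myserver.com": "192.168.2.21",
    "server21.myserver.com": "192.168.2.21",
    "clientxp61.myserver.com": "192.168.2.61",
}
LAB_PTR = {
    "21.2.168.192.in-addr.arpa": "server21.myserver.com",
    "99.2.168.192.in-addr.arpa": "printer.myserver.com",  # hypothetical stale record
}

if __name__ == "__main__":
    print("reverse zone:", reverse_zone_name("192.168.2"))
    for record, problem in check_zone(LAB_A, LAB_PTR, "192.168.2"):
        print(f"{problem:35} {record}")
```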
Exercise 4
EXERCISE 4.1 Adding Active Directory Domain Services Role
1. Launch Server Manager. Click Start > Administrative Tools > Server Manager (Figure 0082).
Figure 0084 : Add Roles
4. On the Before You Begin page, review the requirements, and click Next (Figure 0085).
5. On the Select Server Role page, select the check box next to Active Directory Domain Services, and click Next (Figure 0086).
Figure 0086 : Server Roles
6. On the Active Directory Domain Services page, review the information, and click Next (Figure 0087).
8. On the Installation Result page, review the information. Click Close (Figure 0090).
Figure 0090 : Installation Result
Note : You still must run the Active Directory Domain Services Installation Wizard (DCPromo) to make the server a fully functional domain controller.
Figure 0091 : Run dcpromo
11. On the Welcome screen, click Next (Figure 0092).
12. On the Operating System Compatibility screen, review the information, and click Next (Figure 0093).
13. On the Choose a Deployment Configuration screen, select Create a New Domain in a New Forest. Click Next (Figure 0094).
If your computer were part of an existing forest, you could create a replica domain controller within an existing domain. However, this exercise assumes your server will be the first domain controller in the forest.
14. On the Name the Forest Root Domain screen, enter MYServer.com as the fully qualified domain name. Click Next (Figure 0095).
Figure 0095 : Name the Forest Root Domain Screen
15. If the Domain NetBIOS Name page appears, accept the default of MYSERVER.
16. On the Set Forest Functional Level screen, select the Forest functional level of Windows Server 2008. This ensures that any new domains created in this forest will automatically operate at the Windows Server 2008 domain functional level, which does provide unique features. If you had a network that has a Windows 2000 Remote Access Server, you would select the compatible option (Figure 0096).
17. Click Next to continue.
18. On the Additional Domain Controller Options screen, note that both the DNS server and the global catalog are selected as options. Active Directory Domain Services requires DNS, and if it is not available on the network, DCPromo will give you the option of installing it. Additionally, the first domain controller within a domain is a global catalog server.
Figure 0097 : Additional Domain Controller Options Screen
Note : If you have dynamically assigned IP addresses, a warning will appear indicating you must assign static IP addresses for both IPv4 and IPv6. Either assign static IP addresses or click Yes; the computer will use a dynamically assigned IP address and you can configure static IP addresses later. As a best practice, domain controllers should use statically assigned IP addresses.
19. If this server is on an isolated network without other DNS servers, a warning dialog box will appear indicating that a delegation for this DNS server can't be created and other hosts may not be able to communicate with your domain from outside the domain. This is normal when installing DNS for the first domain controller in a forest. Click Yes to continue (Figure 0098).
20. On the Location for Database, Log Files, and SYSVOL screen, accept the defaults. Click Next (Figure 0099).
Figure 0099 : Location for Database, Log Files, and SYSVOL Screen
21. On the Directory Services Restore Mode Administrator Password screen, enter @xercisE in both the Password and Confirm password boxes. This password is needed if you need to restore Active Directory Domain Services. On a production domain controller, a more secure password would be required. Click Next (Figure 0100).
22. On the Summary screen, review your selections, and click Next (Figure 0101). Active Directory Domain Services will be installed.
23. After a few minutes, the wizard will complete (Figure 0102).
24. If a warning message like the one below appears, just click OK. This message appears because we already created the DNS zone before (Figure 0103).
Figure 0103 : Warning Message
25. On the Completion screen, click Finish (Figure 0104).
26. On the Active Directory Domain Services dialog box, click Restart Now (Figure 0105). Once your system reboots, Active Directory Domain Services will be installed.
EXERCISE 4.3 Recheck Network Configuration
Now you need to recheck your network configuration, because sometimes after installing Active Directory Domain Services the network configuration changes to the localhost setting.
28. Launch Network and Sharing Center. Click Start > right-click Network > Properties (Figure 0107).
29. Under myserver.com (Domain network), click View status (Figure 0108).
Figure 0108 : View Network Status
30. Click the Properties button to open Local Area Connection Properties (Figure 0109).
31. Select Internet Protocol Version 4 (TCP/IPv4), and click the Properties button (Figure 0110).
32. Check your network configuration; make sure the settings are correct (Figure 0112).
Figure 0112 : Network Configurations
33. Now click the Advanced button (Figure 0112).
34. Select the DNS tab (Figure 0113).
35. Specify myserver.com as the DNS suffix for this connection (Figure 0113).
36. Tick the Use this connection's DNS suffix in DNS registration box (Figure 0113).
37. Click OK (Figure 0113).
38. Click OK again.
Figure 0113 : Advanced TCP/IP Setting
39. Close all remaining windows.
Summary
Windows Server 2008 brings a lot of new features and benefits that will drive a lot of migrations to the new operating system. This chapter presented many of these new additions. One of the significant benefits of Windows Server 2008 is virtualization. Three editions (Windows Server 2008 Standard with Hyper-V, Windows Server 2008 Enterprise with Hyper-V, and Windows Server 2008 Datacenter with Hyper-V) support virtualization. Each edition can be purchased with or without Hyper-V, which is the technology that supports virtualization. The Standard edition supports one virtual server, the Enterprise edition supports as many as four virtual servers, and the Datacenter edition supports an unlimited number of virtual servers. Virtualization is supported only on 64-bit operating systems. In this chapter, you learned about the new features of Windows Server 2008. These included Server Manager, Server Core, PowerShell, Windows Deployment Services, and read-only domain controllers. Exercises led you through the process of installing Windows Server 2008 on a PC. After reviewing many of the basics of Active Directory Domain Services, you learned how to promote the server to a domain controller.
Exercise 5
1. Log on to the server as administrator.
2. Launch Active Directory Users and Computers. Click Start > Administrative Tools > Active Directory Users and Computers (Figure 0114).
Figure 0115 : Expand Domain
4. On the menu bar, click Action, New, Organizational Unit (Figure 0116).
5. Enter Stkm as the name for the new organizational unit (Figure 0117).
6. Uncheck Protect container from accidental deletion (Figure 0117).
7. Click OK (Figure 0117).
Figure 0117 : Create Organization Unit
8. Repeat steps 3 to 7 to create the organizational units Sted and Sklr (Figure 0118).
Figure 0118 : Organization Unit
Creating organizational units lets you place users directly into units and assign permissions and rights based on these units. This leads to better administration and delegation control than if you placed users directly into the Users container. When users move from one department to another, it is a simple matter to move the user to the corresponding organizational unit. In this way, they inherit all the features and rights of the new organizational unit, ensuring they have full access to all the resources they are entitled to.
EXERCISE 5.2 Creating Users within Organizational Units
For proper control, it is better to create users within an OU rather than the Users container. In the following exercise you will create a number of users, modify their properties, and move them from one organizational unit to another.
9. Click the Stkm OU to highlight it (Figure 0119).
Creating new user accounts for Zul
10. Right-click Stkm and select New User from the menu (Figure 0120).
11. Enter the following details for Zul (Figure 0121).
First Name : Zul
Last Name : Zcomby
Full Name : Zul Zcomby
User logon name : zul.zcomby
12. Click Next.
13. Enter the password as comby. Check the boxes User cannot change password and Password never expires, then click Next (Figure 0122).
14. Click Finish to create the new user Zul (Figure 0123).
Figure 0123 : New User Account Confirmation
15. The warning below will appear. This warning appears because your password does not meet the password policy requirements. Click OK to continue (Figure 0124).
Figure 0124 : Password Policy Warning
16. Click Cancel to close the new user account confirmation window (Figure 0125).
EXERCISE 5.2 Configuring Password Policy
17. To disable password policy requirements, launch Group Policy Management. Click Start > Administrative Tools > Group Policy Management (Figure 0126).
18. Double-click to expand Forest: myserver.com.
19. Expand Domains.
20. Expand myserver.com.
21. Click Default Domain Policy (Figure 0127).
23. Right-click Default Domain Policy and select Edit (Figure 0129).
24. Double-click to expand Policies (Figure 0130).
25. Expand Windows Settings.
26. Expand Security Settings (Figure 0130).
28. Click Password Policy (Figure 0132).
29. Double-click Password must meet complexity requirements under Password Policy to open Password must meet complexity requirements Properties.
Figure 0132 : Group Policy Management - Password Must Meet Complexity Requirements
30. Select Disabled under the Security Policy Setting tab (Figure 0133).
Figure 0133 : Password Must Meet Complexity Requirements Properties
31. Click OK.
32. Double-click Minimum password length under Password Policy to open Minimum password length Properties (Figure 0134).
Figure 0135 : Minimum Password Length Properties
34. Click OK.
35. Recheck your configuration. Your configuration should be the same as the figure below (Figure 0136).
36. Close all windows and RESTART your server. After restarting the server, log in as Administrator and create the user Zul Zcomby again (follow steps 10 to 14). There should be no problem anymore.
Creating Users within Organizational Units (Continued)
37. Now create the new user Ocah in the Stkm OU using the following properties (Figure 0137).
First Name : Ocah
Last Name : Blue
Full Name : Ocah Blue
Password : ocah
User logon name : ocah.blue
User cannot change password
Password never expires
Figure 0137 : Ocah Blue Properties
38. Create the following user account in the Sted OU (Figure 0138).
First Name : Ahmad
Last Name : Akmal
Full Name : Ahmad Akmal
Password : akmal
User logon name : zul.akmal
User cannot change password
Password never expires
Figure 0138 : Ahmad Akmal Properties
39. Create the following user account in the Sklr OU.
First Name : Ain
Last Name : Syahmi
Full Name : Ain Syahmi
Password : ain
User logon name : ain.syahmi
User cannot change password
Password never expires
Figure 0139 : Ain Syahmi Properties
First Name Last Name Full Name User logon name Password
User cannot change password
Password never expires
Figure 0140 : Aliuddin Properties
First Name Last Name Full Name User logon name Password
Wan Saad Md Saad wan.saad masuri
User must change password at next logon
Account is disabled
Figure 0141 : Md Saad Properties
40. Note the down arrow that appears on the icon for the user Md Saad, indicating this account has been disabled (Figure 0142).
EXERCISE 5.3 Moving Users within Organizational Units
41. It is easy to delete, rename or move a user from an organizational unit. In the above exercise the user Md Saad was inadvertently placed in the wrong OU. Right-click the user Md Saad and select Move from the list (Figure 0143).
Figure 0143 : Move Users
42. Click Stkm as the destination OU (Figure 0144).
43. Click OK.
44. Expand the Stkm OU to confirm that the user Md Saad is now a member of the Stkm OU (Figure 0145).
You have now created a number of users within the organizational units created earlier. At this stage, you cannot see the benefits of doing this. However, the later exercises will start to illustrate why this has been done, by allocating resources to organizational units. Thus, a user will get access to a resource based on their OU membership properties. If a user moves from one organizational unit to another, they will inherit all the resources associated with the new OU.
EXERCISE 5.4 Updating User Information
In this exercise we will look at default user properties such as logon times and how often users need to change their passwords. Active Directory allows organizations to store significantly more information than in previous versions of Windows. For example, you can store telephone and office information in the Active Directory with the user information.
45. Double-click the user Md Saad in the Stkm OU (Figure 0146).
Figure 0146 : User Properties
46. Enter the following details (Figure 0147).
Office : Integration
Telephone Number : 012-5740157
E-Mail : md.saad@myserver.com
Department : Computer Technology
Company : IKM
Figure 0147 : User Details
Figure 0149 : Md Saad Properties - Organization
47. Click OK to apply the changes.
EXERCISE 5.5 Restrict User Logon Hours
48. Double-click the user Md Saad in the Stkm OU (Figure 0150).
Figure 0150 : Md Saad Properties
49. Click the Account tab (Figure 0151).
Figure 0152 : Logon Hours
51. Select all areas and click Logon Denied (Figure 0153).
Figure 0153 : Logon Hours for Md Saad Logon Denied
Restrict the logon hours (under the Account tab) to Monday-Friday, 8am-5pm.
52. Select the areas Monday to Friday and 8am to 5pm (Figure 0154).
Figure 0155 : Logon Hours for Md Saad Set Logon Permitted
54. Click the OK button.
55. Click the OK button again.
In the above exercise you assigned some organizational information to a user. You also explored some of the properties that can be applied.
Exercise 6
Role of This Computer : Client Workstation
Name of Installer : Administrator
Domain Name : same domain name as you did for the Server
TCP/IP Address : 192.168.2.SN
TCP/IP Subnet mask : 255.255.255.0
TCP/IP Gateway : 192.168.2.ServerNumber
Preferred DNS server : 192.168.2.ServerNumber
Note : SN = Station Number. Use the same domain name as you did for the Server.
EXERCISE 6.1 Network Setting (Windows XP)
1. Run the Network Connections application program. Click Start > All Programs > Accessories > Communications > Network Connections (Figure 0156).
Figure 0156 : Run Network Connections
2. Right-click Local Area Connection (Figure 0157).
Figure 0158 : Local Area Connection Properties
5. Now set your client (Windows XP) IP address, and ensure that you are using a static IP address. For this exercise, I'm using number 61 as my Windows XP client station number (Figure 0159).
Use the following IP address:
IP address : 192.168.2.SN (client station number)
Subnet mask : 255.255.255.0
Default gateway : 192.168.2.ServerNumber (server IP address)
Use the following DNS server address:
Preferred DNS server : 192.168.2.ServerNumber (1st server IP address)
Alternate DNS server : ___.___.___.___ (2nd server IP address)
Figure 0159 : Internet Protocol (TCP/IP) Properties
7. Click the OK button (Figure 0159).
Figure 0160 : Local Area Connection Properties
8. Click the OK button (Figure 0160) and close all remaining windows.
EXERCISE 6.2 Joining Domain (Windows XP client) 9. Click Start Right-click My Computer (Figure 0161).
101
11. Click the Computer Name tab, and then click Change. (Figure 0163).
Figure 0163 : System Properties 12. Click the More button. (Figure 0164).
102
13. Specify yourdomain.com as the Primary DNS Suffix for This Computer (Figure 0165).
Figure 0165 : DNS Suffix and NetBIOS Computer Name 14. Click the OK button. 15. Change Computer Name to clientxpSN (Figure 0166). 16. Select "Member of ....... Domain" and enter the name of your Domain (Figure 0166).
Figure 0166 : Computer Name Changes - Domain 17. Click the OK button.
103
18. Now Domain Server will prompt you for Username and Password. Enter any username and password you have created before. (Figure 0167).
19. If you get this welcome message : Windows : "Computer Name Changes" Welcome to the ....... domain"; it means you are successfully joining a domain. (Figure 0168).
20. Since joining a domain is a major change in the security configuration of your system, you will be reminded that you have to restart your system. Click OK (Figure 0169).
21. You will be back in the System Properties, where you are now listed as being part of a domain (Figure 0170).
Figure 0170 : System Properties - Computer Name
22. Click OK to close the remaining dialog boxes (Figure 0170).
23. Click YES to restart the computer (Figure 0171).
Exercise 7
Zulfadli Bin Mohd Saad Computer Engineering Technology, Department of Electronic MARA Vocational Institute, Lumut, Perak.
EXERCISE 7.1 Viewing Computers and Servers in Active Directory
In this exercise, you will use Active Directory Users and Computers to view the workstations and servers in the domain.
1. Log on to the Windows Server 2008 as administrator.
2. Launch Active Directory Users and Computers. Click Start > Administrative Tools > Active Directory Users and Computers (Figure 0172).
Figure 0172 : Launch Active Directory Users and Computers
3. Expand the domain icon (Figure 0173).
Figure 0174 : AD Computers
You can see CLIENTXP61 listed under the Computers folder.
Figure 0175 : CLIENTXP61 Properties
Now you can see the general information about CLIENTXP61, including its DNS name and its role.
Figure 0176 : CLIENTXP61 Properties - Operating System
Here you can find information about the operating system, version and service pack used by the client.
7. Click OK to close the properties box.
8. Click on the Domain Controllers folder under myserver.com (Figure 0177).
Figure 0179 : SERVER21 Properties - Operating System
Here you can find information about the operating system, version and service pack used by the server.
11. Click OK to close the properties box and close all remaining dialog boxes.
In this exercise you viewed properties of workstations and servers in your network using Active Directory.
EXERCISE 7.2 Using the Local Workstation Account
In this exercise you will log on to the Windows XP Professional workstation using a local administrator account.
12. Log on to Windows XP Professional as administrator (Figure 0180).
Figure 0180 : Log on to Windows XP
13. Log off the client computer. Click Start > Shutdown and select Logoff Administrator (Figure 0181).
EXERCISE 7.3 Using Domain wide account at the client computer
In this exercise you will log on to the client computer using a domain account.
15. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0183).
16. Log on to Windows XP Professional as zul.zcomby and comby as password (Figure 0184).
Figure 0184 : Log on to Windows XP
17. Click OK.
18. You will receive a Logon Message (Figure 0185). Why? Because zul.zcomby was not created as a local account on the client; it was created as an Active Directory account on the server. Just now, you tried to log on to the client using an Active Directory user account.
Figure 0185 : Logon Message
19. Click OK to dismiss the dialog box.
20. Now, look at the logon box. There is an extra field displayed, called Logon to: (Figure 0186).
Figure 0186 : Log on to Windows XP
21. Click the Logon to: box, and select MYSERVER (Figure 0187).
Figure 0188 : Log on to server using client workstation
23. Click OK. What happened? Could you log on? There should be no problem.
24. Log off the client computer, but leave it running Windows XP Professional (do not shut the computer down yet).
25. If you are currently logged in to the Windows Server 2008, log off.
26. Attempt to log on to the server as zul.zcomby.
26.1. Click Switch User button (Figure 0189).
26.2.
26.3.
Figure 0191 : Logon to server using user account
26.4. Press ENTER.
27. What happened? Could you log on? An error message appeared (Figure 0192).
Figure 0192 : Logon Error Message
Why? Because the user account you are using does not have permission to log on to the server directly.
30. Launch Active Directory Users and Computers. Click Start > Administrative Tools > Active Directory Users and Computers (Figure 0193).
32. Double-click on the user Zul Zcomby to display the properties box (Figure 0195).
Figure 0195 : Zul Zcomby Properties
33. Click the Member Of tab (Figure 0196).
Figure 0200 : Select Groups - Find Now
38. Click OK.
39. Click OK (Figure 0201).
Figure 0202 : Zul Zcomby Properties - Member Of
41. Log off the server. Click Start > Log Off (Figure 0203).
42. Attempt to log on to the server as zul.zcomby.
42.1. Press Ctrl + Alt + Del.
42.2. Click Switch User button (Figure 0204).
42.3.
Figure 0206 : Logon to server using user account
42.5. Press ENTER.
Summary
Servers do not allow normal users to log on locally. Servers run the network and provide resources, which users connect to remotely across a network. Servers are not designed to have users physically sitting at their keyboards trying to log on and run programs. Users actually log on to a client computer in the network and access resources using a network connection. Client computers running Windows XP Professional have their own accounts database.
Exercise 8
Figure 0208 : AD myserver.com
4. Right-click the Stkm OU and select Delegate Control (Figure 0209).
6. Click Next (Figure 0210).
7. Click the Add button (Figure 0211).
Figure 0211: Delegation of Control Wizard - Users or Groups
8. Click the Advanced button (Figure 0212).
Figure 0213: Select Users, Computers, or Groups - Advanced
10. Select Zul Zcomby account (Figure 0214).
Figure 0217: Task to Delegate
15. Click Next (Figure 0217).
16. Click Finish (Figure 0218).
17. Log off the server. Click Start > Log Off (Figure 0219).
EXERCISE 8.2 Managing Users
In this portion of the exercise you will log on to the server as zul.zcomby and attempt to manage users.
18. Attempt to log on to the server as zul.zcomby.
18.1. Press Ctrl + Alt + Del.
18.2. Click Switch User button (Figure 0220).
Figure 0220 : Switch User button
18.3. Click Other User button (Figure 0221).
18.4.
Figure 0222 : Logon to server using user account
18.5. Press ENTER.
19. Launch Active Directory Users and Computers. Click Start > Administrative Tools > Active Directory Users and Computers (Figure 0223).
Figure 0223: Launch Active Directory Users and Computers
20. You will be asked to re-enter your password as a security measure. Just re-enter the password for zul.zcomby (Figure 0224).
Figure 0226: Active Directory Users and Computers - Stkm
23. Double-click the user Ocah Blue (Figure 0227).
Figure 0228: Ocah Blue Properties
25. Click the Logon Hours button (Figure 0229).
26. Select all areas and click Logon Denied (Figure 0230).
Figure 0230 : Logon Hours for Ocah Blue - Logon Denied
Change Ocah's logon hours (under the Account tab) to Monday-Friday, 8am-5pm.
27. Select the areas Monday to Friday and 8am to 5pm (Figure 0231).
Figure 0232 : Logon Hours for Ocah Blue - Set Logon Permitted
29. Click OK.
30. Click OK again.
31. Click the Sklr OU (Figure 0233).
32. Double-click Ain Syahmi user account to display the properties of this user (Figure 0234).
Figure 0234: Active Directory Users and Computers - User
33. Attempt to change the logon hours of this user. Click Account tab (Figure 0235).
35. A warning message will be displayed (Figure 0237). Why do you think you are not able to modify this account?
Figure 0237: AD Error Message
Because Zul Zcomby only has permission to modify users under the Stkm OU. He only has read permission for other OUs.
36. Click OK to close the message (Figure 0237).
37. Close all remaining windows except Active Directory Users and Computers.
38. Click the Stkm OU (Figure 0238).
39. Right-click Ocah Blue account and select Reset Password from the list (Figure 0239).
Figure 0239: AD Ocah Blue - Reset Password
This displays a reset password box that will allow the password to be changed.
40. Click Cancel (Figure 0240).
41. Close all remaining windows.
42. Log off the server.
In the above exercise you delegated control of an Organizational Unit to a user. You then modified account details of users belonging to that OU as the designated manager of the OU. Delegating control of users using the delegation control wizard is simple. When control of users and groups is delegated, administrators can be relieved of simple administrative tasks such as resetting passwords and modification of user accounts.
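What the wizard grants is stored as access control entries on the Stkm OU itself, which is why the same account is refused in Sklr. The following batch file is an added example, not part of the original exercise: it uses the built-in dsacls tool to list the entries that name the delegate on each OU. It assumes both OUs sit directly under myserver.com and that it is run on the domain controller as Administrator.

```batch
@echo off
rem Added example: review what the Delegation of Control Wizard granted.
rem Assumptions: the OUs Stkm and Sklr sit directly under DC=myserver,DC=com
rem and the delegate's logon name is zul.zcomby, as used in the exercise.
setlocal
set "DOMAIN_DN=DC=myserver,DC=com"
set "DELEGATE=zul.zcomby"

for %%O in (Stkm Sklr) do (
    echo === Entries naming %DELEGATE% on OU=%%O ===
    rem dsacls with only an object DN prints that object's access control list.
    rem findstr keeps the lines that mention the delegate; the unfiltered
    rem dsacls output shows the full detail of each entry.
    dsacls "OU=%%O,%DOMAIN_DN%" | findstr /i /c:"%DELEGATE%"
    rem findstr sets errorlevel 1 when no line matched.
    if errorlevel 1 echo     no matching entry, or the OU was not found
)
endlocal
```

On the exercise's domain the Stkm OU should list entries for the delegate and the Sklr OU should list none, which matches the warning in step 35.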
Exercise 9
The recommended strategy for using groups in Windows Server 2008 is to use both global and domain local groups. Place users into global groups and then place the global groups into domain local groups and assign permissions to the domain local groups. Global groups have access to accounts in the local domain. Where the enterprise consists of more than one domain, local groups allow the use of accounts across all the domains. Where the enterprise has combined a number of domains into a forest, Universal groups provide access to any accounts in the forest.
1. Log on to the server as Administrator (Figure 0241).
2. Launch Active Directory Users and Computers. Click Start > Administrative Tools > Active Directory Users and Computers (Figure 0242).
Figure 0242 : Launch Active Directory Users and Computers
3. Right-click the domain icon and select New - Group from the list (Figure 0243).
4. Create a global group called Technical Support (Figure 0244).
4.1 Key in Technical Support in the Group name: box.
4.2 Verify Group scope is set to Global.
4.3 Verify the Group type is set to Security.
6. Add Ali Uddin as a member of Technical Support.
6.1 Double-click Technical Support (Figure 0245).
Figure 0246 : Technical Support Properties
6.3 Click Add button (Figure 0247).
Figure 0247 : Add button
6.4 Click Advanced button (Figure 0248).
Figure 0249 : Select Users, Contacts, Computers, or Group - Advanced
6.6 Select Ali Uddin user account (Figure 0250).
6.7
6.8
Figure 0251 : Select Users, Contacts, Computers, or Group
6.9 Click OK (Figure 0252).
7. Create a new Domain Local group called Intranet Users (Figure 0253).
7.1. Right-click the domain icon and select New - Group from the list (Figure 0253).
Figure 0253 : Active Directory Users and Computers - New Group
7.2. Key in Intranet Users in the Group name: box (Figure 0254).
7.3. Verify Group scope is set to Domain Local (Figure 0254).
7.4. Verify the Group type is set to Security (Figure 0254).
Figure 0255: Active Directory Users and Computers
9. Add the Intranet Users group as a Member Of Technical Support.
9.1. Click Member Of tab (Figure 0256).
Figure 0256 : Intranet Users Properties
9.2. Click Add button (Figure 0257).
Figure 0258 : Select Groups - Add
9.4. Click Find Now button (Figure 0259).
Figure 0260 : Select Groups - Search Results
Can you find Technical Support? Why do you think this happened?
9.6. Close all windows except Active Directory Users and Computers.
10. Now try adding the Technical Support group as a Member Of Intranet Users.
10.1. Double-click Technical Support group (Figure 0261).
10.2.
Figure 0262 : Technical Support Properties
10.3. Click Add button (Figure 0263).
10.4.
10.5.
10.6.
10.7.
Figure 0267 : Select Groups - Intranet Users Group Added
Can you add the Technical Support group as a Member Of Intranet Users? Why do you think this is so?
11. Click OK button (Figure 0268).
Figure 0268 : Technical Support Properties - Member Of Intranet Users
12. Log off Administrator.
Summary
Windows Server 2008 running in native mode supports the use of different group types. Global groups have access to user accounts and other global groups in the same domain. Local groups allow you to access accounts outside the current domain, and universal groups provide access across organizations (forests).
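The two membership attempts in steps 9 and 10 can be repeated from the command line, where the directory refuses the first one outright instead of leaving the group out of the search results: a global group cannot contain a domain local group, while a domain local group can contain a global group. This batch file is an added example, not part of the original exercise; it uses the built-in dsadd, dsmod, dsquery and dsget tools and assumes both groups are created directly under myserver.com, that the user's directory name is "Ali Uddin", and that it is run on the domain controller as Administrator.

```batch
@echo off
rem Added example: the Exercise 9 nesting test with the ds* command-line tools.
rem Assumption: both groups live directly under DC=myserver,DC=com.
setlocal
set "TS=CN=Technical Support,DC=myserver,DC=com"
set "IU=CN=Intranet Users,DC=myserver,DC=com"

rem Step 4: global security group. Step 7: domain local security group.
rem If the groups already exist from the GUI steps, dsadd reports that
rem and the script carries on.
dsadd group "%TS%" -secgrp yes -scope g
dsadd group "%IU%" -secgrp yes -scope l

rem Step 6: add the user. dsquery looks up the user's distinguished name
rem and dsmod reads it from standard input.
dsquery user domainroot -name "Ali Uddin" | dsmod group "%TS%" -addmbr

rem Step 9: domain local group as a member of the global group.
rem Active Directory rejects this and dsmod prints the failure.
echo --- Step 9: Intranet Users as a member of Technical Support ---
dsmod group "%TS%" -addmbr "%IU%"

rem Step 10: global group as a member of the domain local group.
rem This is the nesting direction the exercise recommends.
echo --- Step 10: Technical Support as a member of Intranet Users ---
dsmod group "%IU%" -addmbr "%TS%"

rem Verify the result instead of trusting the messages above.
echo --- Members of Technical Support ---
dsget group "%TS%" -members
echo --- Members of Intranet Users, nested groups expanded ---
dsget group "%IU%" -members -expand
echo --- Every group Ali Uddin ends up in ---
dsquery user domainroot -name "Ali Uddin" | dsget user -memberof -expand
endlocal
```

The last listing is the one to check before assigning permissions to Intranet Users: the user appears in both groups although he was only ever added to Technical Support.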
Exercise 10
Group Policies
Group policies are settings or configurations that can be applied to users, groups, organizational units and domains. An administrator can create a group policy that configures the computer or user settings, such as menu and desktop settings, folder locations and default password settings. Windows NT 4 and Windows 98 introduced system policies. Windows 2000, 2003 and 2008 extend these further using group policies.
EXERCISE 10.1 Creating a Group Policy
1.
2. Launch Group Policy Management. Click Start > Administrative Tools > Group Policy Management (Figure 0270).
5.
Now, you will create a new group policy for the Stkm OU. This new policy will apply to all members of the Stkm OU, though in another exercise that follows, you will override this.
6. Right-click the Stkm OU and select Create a GPO in this domain, and Link it here (Figure 0274).
9. Right-click the STKM Group Policy and select Edit (Figure 0276).
10. The group policy editor allows you to specify user and computer settings. In the following steps, you will change some of these settings (Figure 0277).
Figure 0278 : Group Policy Management Editor - User Configuration
12. Expand the Policies folder (Figure 0279).
Figure 0279 : Group Policy Management Editor - Policies
13. Expand the Administrative Templates folder (Figure 0280).
14. Click the Start Menu and Taskbar folder (Figure 0281).
Figure 0281 : Group Policy Management Editor Start Menu and Taskbar
15. A large list of selections is available. Double click the option Add Logoff to the Start Menu (Figure 0282).
Figure 0282 : Group Policy Management Editor - Add Logoff to the Start Menu
16. The Add Logoff to the Start Menu Properties appears. Click the Disabled button to disable this setting (Figure 0283).
18. The setting now displays as Disabled in the Group Policy Editor (Figure 0284).
19. Configure the following settings.
    Remove Run menu from Start Menu                : Enabled
    Remove Clock from the system notification area : Enabled
    Desktop\Desktop\Enable Active Desktop          : Enabled
    Desktop Wallpaper                              : Enabled
        Wallpaper Name  : C:\WINDOWS\Web\Wallpaper\Autumn.jpg
        Wallpaper Style : Stretch
    (This uses wallpaper from the Windows XP Pro installed on C drive of client PC)
20. Close the group policy editor.
21. Refresh the Group Policy Management. On the menu bar, click Action > Refresh (Figure 0285).
Update Group Policy
23. Launch the Run application. Click Start > Run (Figure 0286).
Figure 0287 : Run Windows
25. Click OK to run the gpupdate (Figure 0288).
EXERCISE 10.2 Test the Group Policy
The group policy has been applied to members of the Stkm Organizational Unit. There are two members: Zul Zcomby and Ocah Blue. You will now test this policy to see if it works.
27. Log on to the server as zul.zcomby.
27.1. Press Ctrl + Alt + Del.
27.2. Click Switch User button (Figure 0289).
Figure 0289 : Switch User button
27.3. Click Other User button (Figure 0290).
Figure 0290 : Other User button
27.4. Enter user as zul.zcomby and password as comby (Figure 0291).
Figure 0291 : Logon to server using user account
27.5. Press ENTER.
28. Do you have the RUN command on the Start Menu? YES / NO
Now verify that the settings are also applied to the client computer. Log on to the Client computer as ocah.blue.
30. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0292).
Figure 0292 : Windows XP Logon
31. Log on to the client computer as ocah.blue and ocah as password (Figure 0293).
32. Do you have the RUN command on the Start Menu? YES / NO
35. All the group policy settings should be applied (Figure 0294).
36. Log off the client computer.
37. Log off the Server.
Log on to client computer as zul.akmal
38. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0295).
Figure 0295 : Windows XP Logon
39. Log on to Windows XP Professional as zul.akmal and akmal as password (Figure 0296).
41. If not, why do you think this is so? Because zul.akmal is not a member of the Stkm OU. The group policy applies only to the members of the Stkm OU.
42. Log off the client computer.
EXERCISE 10.3 Disabling The Group Policy
In this exercise you will disable the group policy of Stkm OU.
43. Log on to the server as Administrator (Figure 0297).
Figure 0297 : Administrator Login
44. Launch Group Policy Management. Click Start > Administrative Tools > Group Policy Management (Figure 0298).
Figure 0299 : Group Policy Management - Forest
46. Expand the Domains (Figure 0300).
You are now going to disable the policy of Stkm OU. This is a better option than removing the policy, because the policy will still be there if you decide to re-implement it at a later date.
48. Expand the Stkm OU (Figure 0302).
50. A warning box appears. Group Policy Management reminds you that you have selected a link to a GPO and that changes you make will impact all other locations linked with the GPO (Figure 0304).
Figure 0304 : Group Policy Management Console - Warning
51. Click OK to continue (Figure 0304).
52. Right-click the Stkm Group Policy and select Link Enabled (Figure 0305).
Figure 0305 : STKM Group Policy Details
53. Under Link Enabled, you can now see that the status Yes has changed to No (Figure 0306).
Update Group Policy
55. Launch the Run application. Click Start > Run (Figure 0307).
Figure 0308 : Run Windows
57. Click OK to run the gpupdate (Figure 0309).
Now verify that the group policy is disabled. Log on to the Client computer as zul.zcomby.
59. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0310).
60. Log on to Windows XP as zul.zcomby and comby as password (Figure 0311).
Figure 0311 : Log On To Server Using Client Workstation
61. Were the policies now disabled? YES / NO
62. Log off the client computer.
Summary
In this exercise you created a group policy and applied it to an organizational unit. Only a fraction of the available settings were explored. Applying a group policy is a way of controlling security and configuring groups of users with common settings. This can help reduce the cost of ownership and the level of administrator support by restricting what users can do or change on their computers.
Exercise 11
Preliminary Setup
Add zul.akmal, ocah.blue and ain.syahmi to the Intranet Users group.
1. Log on to the server as Administrator (Figure 0312).
Figure 0312 : Administrator Login
2. Launch Active Directory Users and Computers. Click Start > Administrative Tools > Active Directory Users and Computers (Figure 0313).
3. Click myserver.com (your domain.com) and double-click the Intranet Users group from the list (Figure 0314).
Figure 0314 : Active Directory Users and Computers - Intranet Users Group
4. Click the Members tab (Figure 0315).
Figure 0315 : Active Directory Users and Computers - Intranet Users Properties
5. Add Ocah Blue as a member of Intranet Users.
5.1 Click Add button (Figure 0316).
Figure 0319 : Select Users, Contacts, Computers, or Group - Find Now
5.5 Click OK (Figure 0319).
5.6
5.7
You can see Ocah Blue is added as a member of Intranet Users group (Figure 0321).
6. Now repeat step 5 to add zul.akmal and ain.syahmi as members of the Intranet Users group.
7. After you finish adding all the users to the Intranet Users group, your Intranet Users properties should look the same as the figure below (Figure 0322).
Figure 0322 : Active Directory Users and Computers - Intranet Users Properties
8. Click OK to finish adding members to the Intranet Users group (Figure 0322).
EXERCISE 11.1 Creating and Sharing a Resource Using Windows Explorer
In this exercise, you will use Windows Explorer to create a folder and verify the NTFS file permissions. The folder will then be shared and permissions assigned. You will then access this shared resource from the client computer.
1.
Figure 0323 : Administrator Login
2. Launch Windows Explorer. Click Start > right-click Computer > select Explore (Figure 0324).
3. Access D: drive (Figure 0325). (Make sure your D drive is NTFS formatted. If not, you have to convert or format it to NTFS.)
Figure 0325 : Windows Explorer - D Drive
4. Create a folder named tempSN (SN represents your Station Number). In the previous exercise I used number 21 as my Station Number, so in this exercise my folder will be named temp21.
4.1. Right-click D drive > select New > Folder (Figure 0326).
4.2.
Figure 0327 : Rename Folder
5. Open the temp21 folder properties. Right-click temp21 folder > select Properties (Figure 0328).
Figure 0328 : Open the temp21 folder properties
6. Click the Security tab. A list of security permissions is displayed. Note that the group Administrators is given Full Control access at the folder level (Figure 0329).
When users access a folder across the network, both the share and NTFS permission lists define the user permissions.
7. Click the Sharing tab (Figure 0330).
Figure 0330 : temp21 Folder Properties - Sharing
8. Click Advanced Sharing button (Figure 0331).
Figure 0331 : Advanced Sharing button
9. Enable the Share this folder option (Figure 0332).
Figure 0333 : Advanced Sharing - Share name
11. Click the Permissions button (Figure 0334).
Now you will restrict permissions at the share level. Remember that user permissions to a network resource are made up of the share permissions and the NTFS permissions.
12. Remove the Everyone group.
12.1. Select the Everyone group from the list (Figure 0335).
12.2.
Figure 0336 : Remove button
13. Click the Add button (Figure 0337).
Figure 0337 : Add button
14. Add the Tech Support group with permissions of Full Control.
14.1. Click the Advanced button (Figure 0338).
Figure 0338 : Advanced button
14.2. Click the Find Now button (Figure 0339).
Figure 0339 : Find Now button
14.3. Select the Technical Support from the list of Search results (Figure 0340).
14.4.
14.5.
Figure 0341 : Select Users, Contacts, Computers, or Group
14.6. Click the Full Control allow box to enable the Full Control permission (Figure 0342).
Figure 0342 : Permission for Common - Full Control
15. Repeat steps 13 to 14 to add the Intranet Users group with Read permissions.
16. The share permissions should look the same as the figure below (Figure 0343).
17. Once you have set the permissions as described, click OK button to close the dialog box (Figure 0343).
18. Click OK to close the advanced sharing dialog box for folder temp21 (Figure 0344).
20. In the Explorer window you will note a small double head icon on the folder D:\temp21, which indicates the folder is now shared (Figure 0346).
22. Log on to the client computer as ali.zul and ali as password (Figure 0347).
Figure 0348 : Launch My Computer
24. Click the My Network Places (Figure 0349).
Figure 0351 : Entire Network
27. Double-click the Myserver workgroup (Figure 0352).
28. Double-click the Server21 and view the available resources (Figure 0353).
29. You should see the Common resource listed (Figure 0354).
30. Double-click the Common resources so that you are connected to it (Figure 0354).
31. A new window will open up and display the contents of the folder (it will be empty as there are no files in the folder) (Figure 0355).
32. Attempt to create a new text file.
32.1. Right-click in the window and select New > Text Document (Figure 0356).
32.2.
32.3.
Figure 0358 : Launch My Computer
35. Click the My Network Places (Figure 0359).
Figure 0361 : Entire Network
38. Double-click the Myserver workgroup (Figure 0362).
39. Double-click the Server21 and view the available resources (Figure 0363).
40. You should see the Common resource listed (Figure 0364).
41. Double-click the Common resources so that you are connected to it (Figure 0364).
42. A new window will open up and display the contents of the folder (Figure 0365).
43. Attempt to create a new text file.
43.1. Right-click in the window and select New > Text Document (Figure 0366).
43.2.
If NO, why do you think this happened? Before we began this exercise, we did some preliminary setup. We added mad.akmal, ocah.blue and ain.syahmi to the Intranet Users group and we set the permissions on the folder temp21 to Read only for Intranet Users. But for the Tech Support group, we set Full Control permissions.
In the earlier exercise, we added ali.zul as a member of the Tech Support group. That's why user ali.zul can create a new text document in the Common folder on Server21.
EXERCISE 11.2 Creating Network Drive Mapping
Instead of using My Network Places, you can map a drive letter to the resource. This is an alternative way of accessing the resource, but requires that you know the location of the resource (you can use My Network Places to view the available resources, so you don't really need to know the location).
45. Log on to the client computer as ali.zul and ali as password (Figure 0367).
46. Launch Map Network Drive wizard. Click Start > right-click My Computer > Map Network Drive (Figure 0368).
47. Select Z as drive and enter the location of the network resource in the Folder: box (Figure 0369). You must specify the name of the server and the share name. In this exercise, it is \\Server21\Common.
Figure 0369 : Map Network Drive Wizard
48. Click Finish button to apply.
49. A new window will open up and display the contents of the Common folder (Figure 0370).
50. Attempt to create a new test file (Figure 0371).
50.1. Right-click in the window and select New > Text Document (Figure 0371).
50.2.
EXERCISE 11.3 Publishing a Shared Resource in Active Directory
One of the problems of publishing shares in the way you have just done (which is the way it was done in NT 4 or 98) is that you have to browse the network or know which server the resource is located on in order to find it. This can be time-consuming and frustrating for users. Resources can be published in Active Directory, making them easy to find. In the next exercise you will publish the resource into Active Directory.
Figure 0372 : Administrator Login
53. Launch Active Directory Users and Computers. Click Start > Administrative Tools > Active Directory Users and Computers (Figure 0373).
54. Right-click domain (myserver.com) and select New > Shared Folder (Figure 0374).
55. Enter the name as Common Files and the Network path as your server name and share name; in this exercise it is \\Server21\Common (Figure 0375).
57. The new shared folder appears in the right window pane of Active Directory (Figure 0376).
EXERCISE 11.4 Locating a Shared Resource in Active Directory
Now that the shared folder is published in Active Directory, it is easy for users to locate and connect to the resource.
59. Log on to the client computer as ocah.blue (Figure 0377).
Figure 0377 : Log On To Server Using Client Workstation
60. Launch My Computer. Click Start > My Computer (Figure 0378).
63. In the Find drop box, select Shared Folders and in the In drop box, select your domain - myserver (Figure 0381).
Figure 0381 : Find Shared Folders
64. Click Find Now button (Figure 0382).
66. Right-click the Common Files shared folder from the list and select Map Network Drive (Figure 0384).
67. Select U as drive and enter the location of the network resource in the Folder: box (Figure 0385). Note how the location for the server share is filled in automatically.
Figure 0385 : Map Network Drive Wizard
68. Click Finish button to apply.
71. One additional drive now appears at the bottom (Figure 0387).
Summary
Permissions are assigned at the SHARE and at the File system level. By default, Windows Server 2003 places every user created into the group EVERYONE, and, when creating a new directory or share, automatically assigns rights to that resource so the group EVERYONE can access it.
If you want to secure any resources by restricting access, you should ensure that the appropriate permissions have been set at both the share and file system level.
Publishing shared folders in Active Directory simplifies the task of locating resources.
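The advice to set permissions at both levels can be applied and checked from the command line; over the network a user gets only what both lists allow, so the more restrictive of the two wins. This batch file is an added example, not part of the original exercise: it creates the Common share with the share permissions from steps 12 to 16, sets matching NTFS permissions (the NTFS entries are an assumption, since the exercise leaves the folder's defaults in place), and prints both lists and each test user's group membership. It assumes the NetBIOS domain name MYSERVER and is run on Server21 as Administrator.

```batch
@echo off
rem Added example: share and NTFS permissions for D:\temp21, shared as Common.
setlocal
set "FOLDER=D:\temp21"
set "SHARE=Common"
set "DOM=MYSERVER"

rem Share level, as in steps 12 to 16: Technical Support = Full Control,
rem Intranet Users = Read. Because /GRANT entries are given, no Everyone
rem entry is created. Skipped if the share already exists from the GUI steps.
net share %SHARE% >nul 2>&1
if errorlevel 1 (
    net share %SHARE%=%FOLDER% "/GRANT:%DOM%\Technical Support,FULL" "/GRANT:%DOM%\Intranet Users,READ"
)

rem File system level (assumed policy, not taken from the exercise):
rem remove inherited entries, then grant Modify to Technical Support and
rem Read and Execute to Intranet Users. (OI)(CI) applies the entry to
rem files and subfolders as well.
icacls "%FOLDER%" /inheritance:r /grant:r ^
    "Administrators:(OI)(CI)F" "SYSTEM:(OI)(CI)F" ^
    "%DOM%\Technical Support:(OI)(CI)M" "%DOM%\Intranet Users:(OI)(CI)RX"

rem Audit: print both permission lists side by side.
echo --- Share permissions on %SHARE% ---
net share %SHARE%
echo --- NTFS permissions on %FOLDER% ---
icacls "%FOLDER%"

rem Audit: the groups each test user holds, with nested groups expanded.
for %%U in (ali.zul ocah.blue) do (
    echo --- Groups of %%U ---
    dsquery user domainroot -samid %%U | dsget user -memberof -expand
)
endlocal
```

With these settings ali.zul can create files through the share and ocah.blue can only read them, the same outcome as steps 32 and 43.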
Exercise 12
Logon Scripts
1.
2. Launch Group Policy Management. Click Start > Administrative Tools > Group Policy Management (Figure 0389).
5.
6. Right-click the STKM Group Policy and select Edit (Figure 0393).
7. The group policy editor allows you to specify user and computer settings. In the following steps, you will change some of these settings (Figure 0394).
Figure 0394 : Group Policy Management Editor
8. Expand User Configuration (Figure 0395).
Figure 0395 : Group Policy Management Editor - User Configuration
9. Expand the Policies folder (Figure 0396).
Figure 0398 : Group Policy Management Editor - Scripts (Logon/Logoff)
12. Double-click Logon (Figure 0399).
13. In the Logon Properties window, click Show Files button (Figure 0400).
14. Create a new text document. Right-click inside the new window and select New > Text Document (Figure 0401).
15. Double-click the text document. This will load the Notepad editor. Type the following text into the file (Figure 0402).
    echo off
    cls
    echo This is a log on script for the Stkm OU
    echo Welcome %USERNAME% , member of the Stkm OU
    pause
Figure 0402 : Notepad editor - New Text Document
16. Save the file as Stkm.cmd
16.1. From Menu bar, click File > Save As (Figure 0403).
Figure 0403 : Menu bar - Save As
16.2. Enter Stkm.cmd in the File name: box (Figure 0404).
16.3. Select All Files from the Save as type: drop menu (Figure 0405).
Figure 0405 : Save As Type - All Files
16.4. Click Save button (Figure 0406).
Figure 0406 : Save Button
18. Close the Script window by clicking the X button at the top right corner of the window (Figure 0407).
19. On the Logon Properties window, click Add button (Figure 0408).
Figure 0408 : Logon Properties - Add
20. Click Browse button on the Add a Script window (Figure 0409).
Figure 0410 : Browse Stkm.cmd
22. Click Open button (Figure 0411).
Figure 0411 : Open Button
23. Now you can see Stkm.cmd appear in the Script Name: box. Click OK button to continue (Figure 0412).
24. Stkm.cmd is now listed under Logon Properties Script. Click OK button to close the Logon Properties window (Figure 0413).
26. On the Group Policy Management window, right-click STKM Group Policy and uncheck all options except Link Enabled (Figure 0414).
27. Open STKM Group Policy. Right-click the STKM Group Policy and select Edit (Figure 0415).
28. In the Group Policy Management Editor, expand User Configuration (Figure 0416).
Figure 0419 : Group Policy Management Editor - System
32. Click the Scripts folder (Figure 0420).
33. Double-click the Run logon scripts visible option (Figure 0421).
Figure 0421 : Group Policy Management Editor Run logon scripts visible
34. The Run logon scripts visible Properties appear. Click the Enabled button to enable this setting (Figure 0422).
Figure 0422 : Run logon scripts visible Properties
35. Click OK to apply setting (Figure 0422).
36. In the same folder, double-click the Run logon scripts synchronously option (Figure 0423).
Figure 0423 : Group Policy Management Editor Run logon scripts synchronously
37. The Run logon scripts synchronously Properties appear. Click the Enabled button to enable this setting (Figure 0424).
Figure 0424: Run logon scripts visible Properties
38. Click OK to apply setting (Figure 0424).
39. The setting now displays as Enabled in the Group Policy Editor (Figure 0425).
41. On Group Policy Management, click Refresh button Policy Management window.
Update Group Policy
42. Launch the Run application. Click Start > Run (Figure 0426).
Figure 0427 : Run Window
44. Click OK to run the gpupdate (Figure 0428).
Test The Logon Script
46. Log on to the client computer as ocah.blue (Figure 0429).
47. The logon script should appear the same as in the figure below (Figure 0430).
48. Press ENTER or any key to continue.
49. Log off the client computer.
Summary
Scripts allow for both user and computer environments to be configured. The four scripts available are startup, shutdown, logon and logoff.
Exercise 13
HOME DIRECTORIES
Zulfadli Bin Mohd Saad Computer Engineering Technology, Department of Electronic MARA Vocational Institute, Lumut, Perak.
Figure 0431: Administrator Login
2. Launch Windows Explorer. Click Start > Right-click Computer > select Explore (Figure 0432).
3. Access D: drive (Figure 0433). (Make sure your D drive is NTFS formatted. If not, you have to convert or format it to NTFS.)
Figure 0433: Windows Explorer D Drive
4. Create a folder named UserSN (SN represents your Station Number). In the previous exercise I used number 21 as my Station Number, so in this exercise my folder will be named User21.
4.3. Right-click D drive > select New > Folder (Figure 0434).
4.4.
5. Open the User21 folder properties. Right-click User21 folder > select Properties (Figure 0436).
Figure 0437 : User21 Folder Properties - Sharing
7. Click Advanced Sharing button (Figure 0438).
Figure 0438 : Advanced Sharing button
8. Enable the Share this folder option (Figure 0439).
Set Sharing Folder Permissions
10. Click Permissions button (Figure 0441).
Figure 0441 : Permissions button
11. Select Everyone and click Remove button to remove Everyone from the Group or user names: list (Figure 0442).
Figure 0443 : Add button
13. Click the Advanced button (Figure 0444).
15. Select Ahmad Akmal account from the list (Figure 0446).
Figure 0446 : Select Users, Computers, or Groups Find Now
16. Click OK (Figure 0446).
18. Tick the Allow box for the Full Control permission. This gives Ahmad Akmal full control over the folder User21, so he can read and write to the User21 folder on the myserver.com server (Figure 0448).
Figure 0448: Folder Permissions For Users
19. Now add the Administrator account to give Administrator permission to manage the shared folder. Click Add button (Figure 0449).
Figure 0449 : Add button
20. Click the Advanced button (Figure 0450).
Figure 0451 : Select Users, Computers, or Groups Advanced
22. Select Administrator user account from the list (Figure 0452).
Figure 0453 : Select Users, Computers, or Groups User Added
25. Tick the Allow box for the Full Control permission. This gives Administrator full control over the folder User21, so the Administrator can manage the User21 folder on the myserver.com server (Figure 0454).
Figure 0456 : User21 Properties window
29. Click Close all remaining windows.
Set User Home Directories
30. Launch Active Directory Users and Computers. Click Start > Administrative Tools > Active Directory Users and Computers (Figure 0457).
35. Under the Home folder section, select drive L: and connect it to \\Server21\Users\zul.akmal (Figure 0462). (Specify the name of your own server instead of Server21 used in this example.)
Figure 0462: Ahmad Akmal Properties Home Folder
36. Click OK (Figure 0462).
37. Click Sted OU and click Refresh button.
Test User Home Directories
40. On the client computer, press CTRL+ALT+DEL to display the logon dialog box (Figure 0463).
41. Log on to Windows XP Professional as zul.akmal with akmal as the password (Figure 0464).
43. One additional drive now appears at the bottom (Figure 0466).
44. Double-click the Network Drives to access the zul.akmal folder on the server (Figure 0467). The folder is empty.
50. Create a new text document. Right-click inside the new window and select New > Text Document (Figure 0468).
Checking The Users Home Directories
47. Log on to the server as Administrator (Figure 0470).
48. Launch Windows Explorer. Click Start > Right-click Computer > select Explore (Figure 0471).
51. You can see that the zul.akmal folder was created automatically. Click the zul.akmal folder (Figure 0474).
Figure 0474 : Windows Explorer zul.akmal Folder
What are the contents of the zul.akmal folder? Are there any files in it? You should see the Test.txt file (created earlier from the client computer) listed in the zul.akmal home directory.
Summary
Home directories allow users to store their files on the network. This is especially suited to roaming users.
Exercise 14
DISK QUOTAS
Zulfadli Bin Mohd Saad Computer Engineering Technology, Department of Electronic MARA Vocational Institute, Lumut, Perak.
EXERCISE 14.1 Create Disk Quotas
1. Log on to the server as Administrator (Figure 0475).
Figure 0475 : Administrator Login
2. Launch Windows Explorer. Click Start > Right-click Computer > select Explore (Figure 0476).
Figure 0477 : Windows Explorer D Drive Properties
4. Click the Quota tab (Figure 0478).
6. Enable the check box Deny disk space to users exceeding quota limit (Figure 0479).
Add Quota Entries
9. Click the Quota Entries button (Figure 0481).
11. On the Menu Bar, click Quota > New Quota Entry (Figure 0483).
12. Key-in zul.akmal and click Check Names button (Figure 0484).
Figure 0484 : Select Users
13. After the Check Names button is clicked, Active Directory locates all matching or similar object names for zul.akmal. If matching or similar object names are found, the complete name with email is shown (Figure 0485).
Figure 0485 : Select Users Ahmad Akmal
14. Click OK button to confirm (Figure 0485).
15. Set the following parameters for the zul.akmal quota entry (Figure 0486). Select the option Limit disk space to and set the value to 10MB. Set the value for the Set warning level to option to 8MB.
Figure 0486 : Add New Quota Entry
16. Click OK (Figure 0486).
17. A new quota entry for zul.akmal is now added to the Quota Entries list (Figure 0487).
19. Click OK button to close the Local Disk (D:) Properties window (Figure 0489).
Figure 0489 : Local Disk (D:) Properties window
20. The Disk Quota confirmation message appears. Click OK to enable the quota system now (Figure 0490).
Test The Quota Setting
21. Log on to the client computer as zul.akmal with akmal as the password (Figure 0491).
Figure 0491 : Log On To Server Using Client Workstation
22. Launch My Computer. Start > My Computer (Figure 0492).
23. View Home Directory capacity. Right-click on L: drive and select Properties (Figure 0493).
24. The zul.akmal Home Directory properties appear. Look at the directory capacity: it is only 10 MB, the same as the Disk Quota Entry we set earlier (Figure 0494).
25. Click OK button to close (Figure 0494).
26. Launch Windows Explorer. Start > right-click My Computer > Explore (Figure 0495).
Figure 0495 : Launch My Computer
27. Access the C:\WINDOWS\Web\Wallpaper sub-folder (Figure 0496).
28. Copy Bliss.bmp file. Right-click Bliss.bmp file and select Copy (Figure 0497).
Figure 0497 : Copy Bliss.bmp file
29. Paste the Bliss.bmp file into zul.akmal home directory on L: drive. Right-click L: drive and select Paste (Figure 0498).
30. Copy and Paste another file into zul.akmal home directory on L: drive until the disk quota warning appears (Figure 0499).
33. The zul.akmal Home Directory properties appear. Look at the Used space: size; you have used almost 10 MB. The home directory is almost full (Figure 0501).
Figure 0501 : Ahmad Akmal Home Directory Properties
34. Click OK button to close (Figure 0501).
Summary
Disk quotas allow administrators to restrict disk space to users so that disk space can be effectively managed.
Exercise 15
Zulfadli Bin Mohd Saad Computer Engineering Technology, Department of Electronic MARA Vocational Institute, Lumut, Perak.
EXERCISE 15.1 Establish a Software Distribution Point
To support this exercise, you will need a shared folder on the network that contains the software applications that will be deployed.
1. Log on to the server as Administrator (Figure 0502).
2. Launch Windows Explorer. Click Start > Right-click Computer > select Explore (Figure 0503).
3. Access D: drive (Figure 0504). (Make sure your D drive is NTFS formatted. If not, you have to convert or format it to NTFS.)
4. Create a folder named SoftDistSN (SN represents your Station Number). In the previous exercise I used number 21 as my Station Number, so in this exercise my folder will be named SoftDist21.
4.1.
4.2.
EXERCISE 15.2 Sharing The SoftDist21 Folder
5. Open the SoftDist21 folder properties. Right-click SoftDist21 folder > select Properties (Figure 0507).
Figure 0508 : SoftDist21 Folder Properties - Sharing
7. Click Advanced Sharing button (Figure 0509).
EXERCISE 15.3 Set Sharing Folder Permissions
Set read access to the share folder for the Sklr OU users and Administrator.
10. Click Permissions button (Figure 0512).
11. Select Everyone and click Remove button to remove Everyone from the Group or user names: list (Figure 0513).
Figure 0515 : Select Users, Computers, or Groups
14. Click the Find Now button (Figure 0516).
15. First, add the first user of the Sklr OU. Select Ain Syahmi account from the list (Figure 0517).
Figure 0517 : Select Users, Computers, or Groups Find Now
16. Click OK button (Figure 0517).
18. Tick the Allow box for the Read permission. This gives Ain Syahmi Read permission over the folder SoftDist21, so she can read from the SoftDist21 folder on the myserver.com server (Figure 0519).
Figure 0519 : Folder Permissions For Users
19. Click Apply button (Figure 0519).
20. Now add the second user of the Sklr OU. Click Add button (Figure 0520).
Figure 0520 : Add button
21. Click the Advanced button (Figure 0521).
Figure 0522 : Select Users, Computers, or Groups Advanced
23. Select Aliuddin account from the list (Figure 0523).
Figure 0523 : Select Users, Computers, or Groups Find Now
24. Click OK button (Figure 0523).
26. Tick the Allow box for the Read permission. This gives Aliuddin Read permission over the folder SoftDist21, so she can read from the SoftDist21 folder on the myserver.com server (Figure 0525).
Figure 0525 : Folder Permissions For Users
27. Click Apply button (Figure 0525).
28. Now add the Administrator account to give Administrator permission to manage the shared folder. Click Add button (Figure 0526).
31. Select Administrator user account from the list (Figure 0529).
Figure 0529 : Select Users, Computers, or Groups Find Now
32. Click OK button (Figure 0529).
34. Tick the Allow box for the Full Control permission. This gives Administrator full control over the folder SoftDist21, so the Administrator can manage the SoftDist21 folder on the myserver.com server (Figure 0531).
37. Click Close button to close SoftDist21 Properties window (Figure 0533).
EXERCISE 15.4 Copy Software Application files to the Software Distribution Point
The next step is to copy some software applications to the distribution share.
39. Download the WinRar 3.9.3 file from http://zcomby-server2008.blogspot.com under the Downloads section and save it to the software distribution share point (or download it from the internet from http://www.rarlab.com).
40. Download the Sample.rar file from http://zcomby-server2008.blogspot.com under the Downloads section and save it to the software distribution share point (or create a rar file that has a readme.txt file in the archive).
EXERCISE 15.5 Create a ZAP file for the application
To deploy the WinRar application, you will need to create a ZAP file, as no MSI file is available.
41. Create New text document inside E:\SoftDiskx, and rename the text document as winrar.zap.
41.1 Launch Notepad. Click Start > All Programs > Accessories > Notepad (Figure 0534).
41.2
Figure 0535: Notepad
41.3 Change the file name to winrar.zap and select All Files for Save as type: box (Figure 0536).
Figure 0536 : Notepad Save As
41.4 Click Browse Folders button (Figure 0536).
41.5 Click Computer > double click Local Disk (D:) > double click SoftDist21 folder (Figure 0537).
Figure 0537 : Notepad Save As Browse Folders
41.6 Click Save button to confirm save location (Figure 0537).
42. Key-in the following text into the winrar.zap file (Figure 0538).
Figure 0538: winrar.zap
43. After you finish inserting the text, save and close the winrar.zap file.
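The text keyed in at step 42 survives here only as Figure 0538, so the following is an added example (not the book's own listing) of the usual ZAP layout together with a small Python check for it. The installer file name is a placeholder, the check_zap helper and both sample files are constructed for illustration, and the share path assumes the Server21 and ESoftware names used elsewhere in this exercise.

```python
import configparser
import re

# Constructed winrar.zap. FriendlyName and SetupCommand are the required
# [Application] entries; the installer file name below is a placeholder.
WINRAR_ZAP = r"""
[Application]
FriendlyName = "WinRar"
SetupCommand = "\\Server21\ESoftware\INSTALLER-PLACEHOLDER.exe"
DisplayVersion = 3.9.3
Publisher = RARLAB

[Ext]
RAR=
"""

# Constructed faulty variant: server-local drive path and no [Ext] section.
LOCAL_PATH_ZAP = r"""
[Application]
FriendlyName = "WinRar"
SetupCommand = "D:\SoftDist21\INSTALLER-PLACEHOLDER.exe"
"""

REQUIRED = ("friendlyname", "setupcommand")  # configparser lower-cases keys
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def check_zap(text):
    """Parse ZAP text and return (package_info, findings)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    if not parser.has_section("Application"):
        return {}, ["missing [Application] section"]

    # Values are usually quoted in ZAP files; drop the surrounding quotes.
    app = {k: v.strip().strip('"') for k, v in parser["Application"].items()}
    findings = [f"[Application] lacks {key}" for key in REQUIRED if not app.get(key)]

    command = app.get("setupcommand", "")
    if DRIVE_PATH.match(command):
        # The setup command runs on the client at install time, where the
        # server's D: drive does not exist; it must be reachable via the share.
        findings.append("SetupCommand uses a drive-letter path, not the share")

    extensions = sorted(parser["Ext"]) if parser.has_section("Ext") else []
    if not extensions:
        findings.append("no [Ext] entries, so opening a file will not offer the install")

    info = {"name": app.get("friendlyname"), "command": command, "extensions": extensions}
    return info, findings


if __name__ == "__main__":
    for label, text in (("share path", WINRAR_ZAP), ("local path", LOCAL_PATH_ZAP)):
        info, findings = check_zap(text)
        print(label, info, findings or "ok")
```

The [Ext] entry is what makes double-clicking Sample.rar in Exercise 15.7 offer the WinRar installation.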
In this step, you will edit the group policy for the Sklr OU and specify a new software installation for users.
44. Launch Group Policy Management. Click Start > Administrative Tools > Group Policy Management (Figure 0539).
Figure 0539 : Launch Group Policy Management
45. Expand Forest: myserver.com (Figure 0540).
Figure 0542 : Group Policy Management myserver.com
48. Right-click the Sklr OU and select Create a GPO in this domain, and Link it here (Figure 0543).
51. Right-click the SKLR Group Policy and select Edit (Figure 0545).
Figure 0547 : Group Policy Management Editor Policies
54. Expand the Software Settings folder (Figure 0548).
Figure 0548 : Group Policy Management Editor Software Settings
55. Right-click Software installation and select New > Package (Figure 0549).
56. Browse the network and locate the winrar.zap file.
56.1 Click the Network (Figure 0550).
56.2
56.3
56.4 Click file types drop-down box and select ZAW Down-level application packages (*.zap) (Figure 0553).
56.5 Select the winrar.zap file and click Open button (Figure 0554).
59. Now you can see that the Win Rar package is listed under the Software installation policy (Figure 0556).
Figure 0556 : SKLR Group Policy
60. Close all remaining windows.
Update Group Policy
61. Launch the Run application. Click Start > Run (Figure 0557).
EXERCISE 15.7 Test the software deployment
In this step, you will log on to the client computer and test to see if the software can be deployed. In order for the software to install, however, the user needs sufficient rights on the local computer.
65. Log on to the client computer (Windows XP Professional) as local Administrator.
65.1 Press CTRL+ALT+DEL to display the logon dialog box (Figure 0560).
Figure 0560 : Windows XP Logon
65.2 Key-in User name: as Administrator and select Log on to: CLIENT (this computer) (Figure 0561).
70. Expand System Tools > Local Users and Groups > Groups (Figure 0566).
Figure 0566 : Computer Management
71. Double-click Power Users (Figure 0566).
72. Click Add button (Figure 0567).
73. Key-in ain.syahmi in the box and click Check Names button (Figure 0568).
Figure 0568 : Select Users, Computers, or Groups
74. Enter username as ain.syahmi and her password [ain] (Figure 0569).
Figure 0570 : Select Users, Computers, or Groups
76. Click OK button for the Power User Properties (Figure 0571).
79. Log on to the server from client computer as ain.syahmi.
79.1 Press CTRL+ALT+DEL to display the logon dialog box (Figure 0572).
Figure 0572 : Windows XP Logon
79.2 Key-in User name: as ain.syahmi and ain as password (Figure 0573).
Figure 0573 : Log on to Windows XP
79.3 Select Log on to: MYSERVER (Figure 0573).
79.4 Click OK button (Figure 0573).
80. Copy the file sample.rar from Server.
80.1 Launch My Computer. Start > My Computer (Figure 0574).
80.2
80.3
80.4
Figure 0577 : Entire Network
80.5 Double-click the Myserver workgroup (Figure 0578).
80.6 Double-click the Server21 and view the available resources (Figure 0579).
Figure 0579 : Myserver Workgroup
80.7 You should see the ESoftware resource listed (Figure 0580).
Figure 0580 : Server21 Resources
80.8 Double-click the ESoftware to view the available resources (Figure 0580).
80.9 Copy Sample.rar file. Right-click on Sample.rar file > select Copy (Figure 0581).
Figure 0581 : ESoftware on Server21
80.10 Paste on the client PC desktop. Right-click on Desktop > Select Paste (Figure 0582).
81. Double-click the sample.rar file. What happened? WinRar installation wizard appeared. Install the WinRar (Figure 0583).
82. After you finish installing WinRar, close all remaining windows, and then double-click the sample.rar file. Sample.rar now opens with the WinRar program, and you can read or extract the contents of the Sample.rar file (Figure 0584).
Figure 0584 : Sample.rar opened with WinRar
83. Log off the client computer.
EXERCISE 15.8 Installing Application with MSI support
In this exercise you will deploy Microsoft FrontPage 2003.
84. Log on to the server as Administrator (Figure 0585).
Figure 0585 : Administrator Login
85. Launch Windows Explorer. Click Start > Right-click Computer > select Explore (Figure 0586).
Figure 0587 : Windows Explorer D Drive
87. Access D:\SoftDist21 folder (Figure 0588).
88. Create subfolder called FrontPage.
88.1. Right-click D drive > select New > Folder (Figure 0589).
89. Insert the Microsoft Office 2003 AIO CD and copy all files and folders in the FrontPage folder to the D:\SoftDistx\FrontPage folder.
89.1. Select the CD drive (Figure 0591).
Figure 0591 : Windows Explorer CD Drive
89.2. Copy the FRONTPAGE folder. Right-click FRONTPAGE folder > Copy (Figure 0592).
89.3. Expand the SoftDist folder. Right-click the FrontPage folder > Paste (Figure 0593).
89.4. Click the FrontPage folder to confirm all files are copied (Figure 0594).
90. Launch Group Policy Management. Click Start > Administrative Tools > Group Policy Management (Figure 0595).
Figure 0595 : Launch Group Policy Management
91. Expand Forest: myserver.com (Figure 0596).
Figure 0598 : Group Policy Management myserver.com
94. Right-click the SKLR Group Policy and select Edit (Figure 0599).
Figure 0600 : Group Policy Management Editor User Configuration
96. Expand the Policies folder (Figure 0601).
Figure 0601 : Group Policy Management Editor Policies
97. Expand the Software Settings folder (Figure 0602).
98. Right-click Software installation and select New > Package (Figure 0603).
99. Browse the network and locate the FP11.msi file.
99.1 Click the Network (Figure 0604).
99.2
Figure 0605 : Network Server21
99.3 Double-click the ESoftware folder (Figure 0606).
99.4
99.5
99.6 Select the FP11.msi file and click Open button (Figure 0609).
100.
102.
103.
104. Now you can see that the Microsoft Office FrontPage package is listed under the Software installation policy (Figure 0612).
Figure 0612 : SKLR Group Policy
105. Close all remaining windows.
Update Group Policy
106. Launch the Run application. Click Start > Run (Figure 0613).
107.
108.
109.
EXERCISE 15.9 Test the software deployment
Now you will test the deployment of FrontPage 2003 by logging onto the client computer as a member of the Sklr OU.
110. Log on to the server from client computer as ain.syahmi.
110.1 Press CTRL+ALT+DEL to display the logon dialog box (Figure 0616).
Figure 0616 : Windows XP Logon
110.2 Key-in User name: as ain.syahmi and ain as password (Figure 0617).
Figure 0617: Log on to Windows XP
110.3 Select Log on to: MYSERVER (Figure 0617).
110.4 Click OK button (Figure 0617).
111. Click Start > All Programs > Microsoft Office > Microsoft Office FrontPage 2003. Note how FrontPage appears on the start menu (Figure 0618).
112. The installation process will begin. When requested, enter the CD key and click Next button (Figure 0619).
113. Click Next button until you reach the Summary window (Figure 0620).
Figure 0620 : Microsoft Office FrontPage 2003 - Install
114. Click the Install button (Figure 0620).
115.
Figure 0621 : Setup Completed
116. Click Finish button to complete the FrontPage 2003 installation (Figure 0621).
117.
118.
119. Is FrontPage 2003 available on the Start menu? YES NO
Your answer must be NO. Why? Because zul.akmal is a member of the Sted OU, not the Sklr OU. We only deployed the software application to Sklr OU users.
120. 121.
Summary
In this exercise you deployed a software application to a group of users. The application was not supported by Windows Installer, so it required you to create a ZAP file. The software application and ZAP file were placed on a network share. This software was then associated with a group policy for the Sklr Organizational Unit. The software deployment was then tested when a user of the Sklr OU logged onto a client computer. In installing software on the client computer, the installer needed the required permissions. In this exercise, the users were made members of the Power Users group to enable the installation of the software. In actual use, members would be set up with the required permissions, rather than perhaps being made a member of this group on the local computer. Managing the software distribution can simplify the administration of the network and ensure that users only get the applications that have been assigned to them.
Exercise 16
VIEWING EVENTS
Zulfadli Bin Mohd Saad Computer Engineering Technology, Department of Electronic MARA Vocational Institute, Lumut, Perak.
1.
2. Launch Event Viewer. Click Start > Administrative Tools > Event Viewer (Figure 0623).
Figure 0623 : Launch Event Viewer
3. Expand Windows Logs > System. The Event Viewer window displays the current event logs. There are a number of logs available (Figure 0624).
Figure 0625 : Event Viewer Security Logs
5. All events have a Source and Task Category. Note these two columns in the window (Figure 0625). It is sometimes handy to restrict the events being viewed to just those that are of interest.
In this exercise you will use the filtering function to display only those events of interest. Often the event log has hundreds of events listed, so you need the ability to look for only those events that are relevant to what you are trying to resolve.
6. On the right window, click the Filter Current Log (Figure 0626).
Figure 0626 : Event Viewer Security Logs
7. Select all Event level: (Figure 0627).
8. In Event sources: drop-down menu, select Microsoft Windows security auditing (Figure 0628).
11. Note that only Microsoft Windows security auditing events with Logon task category are now listed (Figure 0631).
Figure 0631 : Event Viewer Security events
12. Double-click the first event to see the event properties (Figure 0631).
13. The event properties of the first event appear. The dialog box gives an indication of the event [including the event ID, which is helpful when exploring your server as to possible problems] (Figure 0632).
14. Click Close button (Figure 0632).
15. Close the event viewer.
16. Log off the server.
Summary
Windows Server 2008 logs activity to event logs. These events can be viewed with Event Viewer. Typical events are printing, security, auditing, logon and logoff, as well as other events generated by application software or other services such as DNS. Events are helpful in determining problems with configuration or security.
Exercise 17
AUDITING
Zulfadli Bin Mohd Saad Computer Engineering Technology, Department of Electronic MARA Vocational Institute, Lumut, Perak.
Exercise 17 : Auditing
In this exercise, you shall look at enabling auditing on selected resources, so that their usage and access can be monitored. You will use event viewer to view the logged accesses. Often, if you find that you cannot resolve problems in user access, enabling auditing and viewing the audit logs with event viewer can help you determine the cause of the problem.
Figure 0633 : Administrator Login
2. Launch Group Policy Management. Click Start > Administrative Tools > Group Policy Management (Figure 0634).
Figure 0635 : Group Policy Management - Forest
4. Expand the Domains (Figure 0636).
5.
6. Edit the Default Domain Policy. Right-click Default Domain Policy > Edit (Figure 0638).
Figure 0638 : Edit the Default Domain Policy.
7. Expand Computer Configuration (Figure 0639).
Figure 0641 : Expand Windows Settings.
10. Expand Security Settings (Figure 0642).
Figure 0642 : Expand Security Settings.
11. Expand Local Policies (Figure 0643).
Figure 0644 : Expand Audit Policy.
13. Open Audit logon events properties. Right-click Audit logon events > Properties (Figure 0645).
Figure 0645 : Open Audit logon events properties.
14. Enable the Success and Failure attempts (Figure 0646).
15. Click Apply button (Figure 0646).
16. Click OK button to close (Figure 0646).
17. Enable the following events (Figure 0647):
i. Audit account logon events - Success
ii. Audit account management - Success
iii. Audit directory service access - Success
iv. Audit logon events - Success, Failure
v. Audit object access - Success, Failure
vi. Audit policy change - Success
vii. Audit system events - Success
18. Close the group policy management editor.
19. Close all remaining windows.
Update Group Policy
20. Launch the Run application. Click Start > Run (Figure 0648).
Figure 0648 : Launch the Run Application
21. Key-in gpupdate in the Open : box (Figure 0649).
Figure 0649 : Run Windows
22. Click OK to run the gpupdate (Figure 0650).
EXERCISE 17.2 Set Auditing at the file object level.
1. Log on to the server as Administrator (Figure 0651).
2. Launch Windows Explorer. Click Start > Right-click Computer > select Explore (Figure 0652).
Figure 0653 : Windows Explorer D Drive
4. Right-click D: drive and select Properties (Figure 0654).
5. Select Security tab; and then click the Advanced button (Figure 0655).
Figure 0656 : Advanced Security Settings for Local Disk (D:).
7. Click the Edit button (Figure 0656).
8. Click Add button (Figure 0657).
Figure 0657 : Advanced Security Settings for Local Disk (D:) Auditing tab.
9. Key-in zul.zcomby in the box, and click Check Names button (Figure 0658).
11. Enable the following options (Figure 0660):
List folder / read data - Successful and Failed
Create files / write data - Successful and Failed
Figure 0661 : Advanced Security Settings for Local Disk (D:) Auditing tab.
14. Click OK button (Figure 0662).
EXERCISE 17.3 Access the resource to generate the audit event.
Now it is time to test the auditing. What you did in the previous exercise was set up a group policy for domain controllers. You enabled auditing on the server using Local Security Policy. Next, you enabled auditing on the files and sub-folder D:\tempx. In the next step you will log on and access this resource, thus generating an audit event.
17. Log on to the server computer as zul.zcomby.
17.1. Press Ctrl + Alt + Del.
17.2. Click Switch User button (Figure 0664).
Figure 0664 : Switch User button
17.3. Click Other User button (Figure 0665).
Figure 0665 : Other User button
17.4. Enter user as zul.zcomby and password as comby (Figure 0666).
Figure 0666 : Logon to server using user account
17.5. Press ENTER.
18. Launch Notepad. Click Start > All Programs > Accessories > Notepad.
19. Write your name (Figure 0667).
Figure 0668 : Save As - Browse Folder
22. Access the Local Disk (D:). Click Computer > double-click Local Disk (D:) (Figure 0669).
Figure 0670 : Save As D:\tempx folder
24. Set the file name as Readme and click the Save button (Figure 0671).
25. Close the Notepad editor.
26. Log off the server.
EXERCISE 17.4 View the audit events.
In the last exercise, you accessed the resource and this would have generated an audit event. These events are stored in the security log and are viewed with event viewer.
27. Log on to the server as Administrator (Figure 0672).
Figure 0672 : Administrator Login
28. Launch Event Viewer. Click Start > Administrative Tools > Event Viewer (Figure 0673).
29. Expand Windows Logs > Security. The Event Viewer window displays the current event logs. There are a number of logs available (Figure 0674).
Figure 0674 : Event Viewer windows
30. On the right window, click the Filter Current Log (Figure 0675).
31. Now configure the Filter Current Log. Please refer to the following table for configuration (Figure 0676).
Logged: Any time
Event level: Information
Event sources: Microsoft Windows security auditing.
Task category: File System
Keywords: Audit Success
User: <All Users>
Computer(s): <All Computer>
33. Note that only Microsoft Windows security auditing events with File System task category are now listed (Figure 0677).
Figure 0677 : Event Viewer Security events
34. Double-click the first event to see the event properties (Figure 0677).
35. The event properties of the first event appear. The dialog box gives an indication of the event [including the event ID, which is helpful when exploring your server as to possible problems] (Figure 0678).
Figure 0678 : Event Properties
36. In the Account Name: section, you will notice that the user zul.zcomby logged in to the server (Figure 0678).
37. Drag the right-hand side scroll bar until you see the Process Information: section (Figure 0679).
38. From this section, you can see the process or application zul.zcomby ran while he was logged in to the server. As you can see, zul.zcomby launched the Notepad application. Maybe he was writing something, or maybe he opened a text file (Figure 0679).
40. Now let us find the location of the text file zul.zcomby opened. Double-click the second event to see the event properties (Figure 0680).
41. Scroll until you find the Object: section. As you can see, the log reports the same as the first event (Figure 0681).
Figure 0681 : Event Properties
42. Click the Close button (Figure 0681).
43. Now double-click the third event to see the event properties (Figure 0682).
44. Scroll until you find the Object: section. Can you find the differences between the third event and the first event? In the third event there is extra information under the Object: section: Object Type: and Object Name: (Figure 0683). Object Type: states the type of the object. Object Name: states the object name.
Figure 0683: Event Viewer Security events
From this event log, you can trace and view the security log. You can check what happened on the server behind the scenes or while you were gone. This can also help you to determine the cause of a problem in user access.
45. Click the Close button (Figure 0683).
46. Close the event viewer.
EXERCISE 17.5 Disable Auditing
Auditing places a performance overhead on the computer. In this step, you will disable auditing.
47. Launch Group Policy Management. Click Start > Administrative Tools > Group Policy Management (Figure 0684).
51. Edit the Default Domain Policy. Right-click Default Domain Policy > Edit (Figure 0688).
Figure 0689 : Expand Computer Configuration.
53. Expand Policies (Figure 0690).
Figure 0690 : Expand Policies.
54. Expand Windows Settings (Figure 0691).
Figure 0692 : Expand Security Settings.
56. Expand Local Policies (Figure 0693).
Change auditing to No Auditing.
58. Open Audit logon events properties. Right-click Audit logon events > Properties (Figure 0695).
Figure 0695 : Open Audit logon events properties.
59. Disable the Success and Failure attempts; uncheck both boxes (Figure 0696).
Figure 0696 : Define policy settings.
60. Click Apply button (Figure 0696).
61. Click OK button to close (Figure 0696).
62. Change auditing to No Auditing for the following events (Figure 0697):
i. Audit account logon events
ii. Audit account management
iii. Audit directory service access
iv. Audit logon events
v. Audit object access
vi. Audit policy change
vii. Audit privilege use
viii. Audit process tracking
ix. Audit system events
63. Close the group policy management editor.
64. Close all remaining windows.
Update Group Policy
65. Launch the Run application. Click Start > Run (Figure 0698).
Figure 0698 : Launch the Run Application
66. Key-in gpupdate in the Open : box (Figure 0699).
Remove User From Auditing Entry.
68. Launch Windows Explorer. Click Start > Right-click Computer > select Explore (Figure 0701).
Figure 0701 : Launch Windows Explorer
69. Access D: drive (Figure 0702).
Figure 0703 : Windows Explorer Properties
71. Select Security tab; and then click the Advanced button (Figure 0704).
72. Select Auditing tab and select Zul Zcomby (Figure 0705).
Figure 0705 : Advanced Security Settings for Local Disk (D:).
73. Click the Edit button (Figure 0705).
74. Select Zul Zcomby and click Remove button (Figure 0706).
Figure 0706 : Advanced Security Settings for Local Disk (D:) Auditing tab.
75. Click OK button (Figure 0706).
Figure 0707 : Advanced Security Settings for Local Disk (D:)
77. Click OK button (Figure 0708).
EXERCISE 17.6 Clear the Security Log Events
In this exercise you will clear all the events in the Security log.
78. Launch Event Viewer. Click Start > Administrative Tools > Event Viewer (Figure 0709).
79. Expand Windows Logs > Security. The Event Viewer window displays the current event logs. There are a number of logs available (Figure 0710).
80. Right-click Security log and select Clear Log (Figure 0711).
81. Click Clear button so that the events are not saved (Figure 0712).
Summary
Both Directories and Files can be audited. When auditing is enabled, events that are specified are written to an event log, which can be viewed in Event Viewer. It is possible to apply a filter when viewing events to be more selective. Applying auditing creates an overhead penalty on the server, and can fill the event logs quickly.
366
Exercise 18
Figure 0713 : Administrator Login
2. Open the Control Panel. Click Start > Control Panel (Figure 0714).
4. Click the Add a printer button to run the Add Printer wizard (Figure 0716).
Figure 0717 : Add Printer wizard - Add a local printer
6. Select Create a new port, and select Standard TCP/IP Port from the Type of port: drop-down menu (Figure 0718).
Figure 0718 : Add Printer wizard - Create new port
7. Click the Next button (Figure 0718).
8. Select TCP/IP Device as the Device type: and enter your printer's IP address in the Hostname or IP address: box. For this exercise, my printer IP address is 192.168.2.254 (Figure 0719).
10. Wait until detection of the TCP/IP port finishes. When detection is complete, the wizard automatically moves to the next page (Figure 0720).
12. The Add Printer wizard now tries to detect the printer driver. The wizard automatically moves to the next page when detection is done (Figure 0722).
13. In the Manufacturer list, select HP, and in the Printer list, select your printer model. If your printer is not listed, consult your printer documentation for a compatible printer driver, select the nearest model, or select the family or common driver. In this exercise, my printer is not in the printer list, so I will select the family driver for my printer: HP Color LaserJet Family Driver PCL5 (Figure 0723).
Figure 0723 : Add Printer wizard - Install printer driver
14. Click the Next button (Figure 0723).
15. Enter your printer name. Normally this is the same as the printer model, so here I enter my printer model, HP Color LaserJet CP1515n, as the printer name (Figure 0724).
Figure 0724 : Add Printer wizard - Printer name
16. Click the Next button (Figure 0724).
17. Enter HPCP1515n as the shared printer name and STKM for the Location field (Figure 0725).
Figure 0725 : Add Printer wizard - Printer sharing
18. Click the Next button (Figure 0725).
19. Click the Finish button to complete adding the printer (Figure 0726).
EXERCISE 18.2 Assign a Print Manager For The Printer
In this exercise, you will assign a user to manage the printer. This printer manager will be able to delete jobs and perform other administrative tasks.
20. Right-click the installed printer and select Sharing (Figure 0727).
21. You will see that Windows Server 2008 has already shared the printer on the network, but the printer is not listed in Active Directory. To list the printer in Active Directory, tick the List in the directory option (Figure 0728).
23. The current security settings for the printer are similar to Figure 0729. Note that Everyone (all users) has print access, whilst Administrators have all rights. Print Operators also have all rights.
Figure 0729 : Printer Properties - Security tab
24. Click the Add button (Figure 0729).
Figure 0730 : Add Users, Computers, or Groups wizard
26. Click the Find Now button (Figure 0731).
27. Select Ocah Blue from the list and click the OK button (Figure 0732).
Figure 0732 : Add Users, Computers, or Groups wizard - Find Now
28. Click the OK button (Figure 0733).
29. Give Ocah Blue full rights to this printer. This effectively makes her a manager for this printer (Figure 0734).
Figure 0734 : Printer Properties
30. After setting the rights as indicated, click the OK button (Figure 0734).
EXERCISE 18.3 Locating Printers using Active Directory
In this exercise, you will use Active Directory to locate printers.
32. Launch Active Directory Users and Computers. Click Start > Administrative Tools > Active Directory Users and Computers (Figure 0735).
Figure 0735 : Launch Active Directory Users and Computers
33. From the menu bar, click Action > Find (Figure 0736).
Figure 0736 : Active Directory Users and Computers
34. Choose Printers in the Find: list, and enter STKM in the Location: field (Figure 0737).
36. The search results display all the printers installed and listed in your Active Directory. In the previous exercise, you installed one printer and set it to be listed in Active Directory, so the search results show only one printer found (Figure 0738).
EXERCISE 18.4 Accessing The Printer From The Client Computer
In this exercise, you will log on to the client computer and set up access to the shared printer on the server.
40. Log on to the client computer as ocah.blue (Figure 0739).
Figure 0739 : Log On To Server Using Client Workstation
41. Open Printers and Faxes. Click Start > Printers and Faxes (Figure 0740).
42. Click the Add a printer icon to run the Add Printer Wizard (Figure 0741).
44. Select A network printer, or to another computer and click the Next button (Figure 0743).
Figure 0743 : Add Printer Wizard - Type of printer
45. Select Find a printer in the directory and click the Next button (Figure 0744). This option makes finding a printer easier, as you do not need to know the name of the server on which the printer is located.
46. Enter STKM in the Location: field and click the Find Now button (Figure 0745).
Figure 0745 : Find Printer wizard
47. Select your printer from the search results list and click the OK button (Figure 0746).
EXERCISE 18.5 Printing a File
In this exercise, you will print a page to the printer.
49. Right-click the printer icon and select Properties (Figure 0748).
EXERCISE 18.6 Managing The Printer
In this exercise, you will manage the printer by deleting all print jobs, and then pausing the printer.
53. Put the printer into an error state (open the printer's toner compartment door).
54. Launch Notepad. Click Start > All Programs > Accessories > Notepad (Figure 0752).
55. Key in your name in the Notepad text editor (Figure 0753).
Figure 0753 : Notepad text editor
56. Print the file. Click File > Print (Figure 0754).
Figure 0754 : Notepad - File - Print
57. Select your printer and click the Print button (Figure 0755).
58. Open Printers and Faxes. Click Start > Printers and Faxes (Figure 0756).
59. Right-click the printer icon and select Pause Printing (Figure 0757).
60. Right-click the printer icon and select Cancel All Documents (Figure 0758).
63. Log on to the client computer as zul.akmal with akmal as his password (Figure 0760).
Figure 0760 : Notepad
64. Open Printers and Faxes. Click Start > Printers and Faxes (Figure 0761).
65. Click the Add a printer icon to run the Add Printer Wizard (Figure 0762).
67. Select A network printer, or to another computer and click the Next button (Figure 0764).
Figure 0764 : Add Printer Wizard - Type of printer
68. Select Find a printer in the directory and click the Next button (Figure 0765). This option makes finding a printer easier, as you do not need to know the name of the server on which the printer is located.
69. Enter STKM in the Location: field and click the Find Now button (Figure 0766).
Figure 0766 : Find Printer wizard
70. Select your printer from the search results list and click the OK button (Figure 0767).
Figure 0768 : Add Printer Wizard - Finish
72. Right-click the printer icon and select Resume Printing (Figure 0769).
74. Why do you think this happened? Because in the previous exercise you gave Ocah Blue full rights to this printer, which effectively makes her a manager for this printer, whilst other users (Everyone) only have print access.
Summary
In this exercise you established a network printer and connected to it using a client computer. A print manager responsible for the printer was established, and you tested the printer and management functions. You also learnt to locate a printer using the search function of Active Directory.
Exercise 19
Backup
In this exercise you will use the Backup utility provided with Windows Server 2008 to perform a selective backup of files.
EXERCISE 19.1 Installing Windows Server Backup.
1. Log on to the server as Administrator (Figure 0771).
2. Launch the Server Manager. Click Start > Administrative Tools > Server Manager (Figure 0772).
Figure 0772 : Launch Server Manager.
3. Click Features > Add Features (Figure 0773).
Figure 0774 : Add Features Wizard - Select Features
5. Click the Next button (Figure 0774).
7. After Windows Server Backup has been installed, the Add Features Wizard shows the installation results. Make sure the installation succeeded; if not, you have to reinstall the feature. Click the Close button to continue (Figure 0776).
EXERCISE 19.2 Full Server Backup
9. Launch Windows Server Backup. Click Start > Administrative Tools > Windows Server Backup (Figure 0777).
Figure 0777 : Launch the Windows Server Backup.
10. Click Backup Once (Figure 0778).
11. Select Different options and click the Next button (Figure 0779).
12. Select the Full server (recommended) option and click the Next button (Figure 0780).
13. Select the Local drives option and click the Next button (Figure 0781).
14. Select drive D as your backup destination, but make sure the drive is NTFS formatted (Figure 0782).
16. Select the VSS full backup option and click the Next button (Figure 0783).
17. Check your backup configuration; make sure the backup items and the backup destination are correct. Click the Backup button to start the backup (Figure 0784).
18. After all files have been archived, the Backup Wizard displays a completion summary. Click the Close button to close the Backup Wizard (Figure 0785).
EXERCISE 19.3 Restore Files and Folders
In this exercise you will use the Backup utility provided with Windows Server 2008 to restore files and folders.
20. Launch Windows Server Backup. Click Start > Administrative Tools > Windows Server Backup (Figure 0787).
Figure 0787 : Launch the Windows Server Backup.
21. Click Recover (Figure 0788).
22. Select the This server option and click the Next button (Figure 0789).
23. The Recovery Wizard shows all the available backups. Backups are available for the dates shown in bold. Select the date of a backup to use for recovery. Select the latest backup available (Figure 0790).
25. Select the Files and folders option to restore files and folders. This option can only restore selected files and folders (Figure 0791). If you want to restore an entire volume, select the Volumes option.
Figure 0791 : Recovery Wizard - Select recovery type
26. Click the Next button (Figure 0791).
27. Browse the folder tree to find the files or folders that you want to recover. Click an item to select it for recovery. Let's try recovering the Common Files folder. Select the Common Files folder and click the Next button (Figure 0792).
28. Select Original location for the Recovery destination option and select Overwrite existing files with recovered files for the When this wizard finds files and folders in the recovery destination option (Figure 0793).
Figure 0793 : Recovery Wizard - Specify recovery options
29. Click the Next button (Figure 0793).
31. After all files have been restored, the Recovery Wizard displays a completion summary. Click the Close button to close the Recovery Wizard (Figure 0795).
EXERCISE 19.4 Restore Volume
In this exercise you will restore an entire volume (all data stored on the C: drive).
33. Insert the Windows Server 2008 DVD into your DVD drive.
34. Restart your server. Click Start > Restart (Figure 0797).
35. Select Hardware: Maintenance (Planned) and click the OK button (Figure 0798).
36. Boot your PC using the Windows Server 2008 DVD.
37. Language and Keyboard Options. Select your language and keyboard, and click the Next button to continue (Figure 0799).
38. Windows Server 2008 Setup. You are presented with options to install, to read brief information about Server 2008, or to repair (Figure 0800). Click Repair your computer to start the System Recovery Wizard on this computer. (Figure 07).
39. Select an operating system to repair and click the Next button (Figure 0801).
40. Click the Windows Complete PC Restore option to restore the entire server from a backup image (Figure 0802).
Figure 0802 : System Recovery Options - Choose a recovery tool
41. Select the Use the latest available backup (recommended) option and click the Next button (Figure 0803).
Figure 0804 : Windows Complete PC Restore wizard - restore options
43. Click the Finish button to start the restore (Figure 0805).
Figure 0805 : Windows Complete PC Restore wizard - Start restore
44. Tick the I confirm that restore the backup option and click the OK button (Figure 0806).
45. At this point, take a break. The restore process will continue on its own. This will take several minutes (Figure 0807).
46. Windows will automatically reboot your system after the restore process completes. Press CTRL + ALT + DELETE to log on to your server (Figure 0808).
COMPUTER MANAGEMENT
This is an administrative tool that allows you to view the physical drives, file systems, partitions, and logical drives on the computer. This tool can also be used to check and defragment the file systems.
EXERCISE 19.5
In this exercise you will use Computer Management to check the file system. If files are currently in use, Windows Server 2008 is unable to check the state of the file system, and will flag the file system for checking on the next reboot.
2. Launch Computer Management. Click Start > Administrative Tools > Computer Management (Figure 0811).
Figure 0811 : Launch Computer Management
3. Expand the Storage folder and select Disk Management (Figure 0812).
Figure 0813 : Computer Management - Disk Management
5. From the Properties window, click the Tools tab (Figure 0814). This tab displays options for you to check the file system, defragment the drive or back up files.
6. Click the Check Now button to check the drive for errors (Figure 0814).
7. Tick the option Automatically fix file system errors and click the Start button (Figure 0815).
8. If the C: drive is not in use, check disk will now scan the drive for errors. If the drive is in use, you will be presented with the option to schedule the disk check for when the computer is restarted. Click Schedule disk check to continue (Figure 0816).
9. Use the same procedure to scan the D: drive. Right-click the D: drive and select Properties (Figure 0817).
Figure 0817 : Computer Management - Disk Management
10. From the Properties window, click the Tools tab. Then click the Check Now button to check the drive for errors (Figure 0818).
11. Tick the option Automatically fix file system errors and click the Start button (Figure 0819).
12. If the D: drive is not in use, check disk will now scan the drive for errors. If the drive is in use, you will be presented with the option to schedule the disk check for when the computer is restarted. Click Schedule disk check to continue (Figure 0820).
14. Select Hardware: Maintenance (Planned) and click the OK button (Figure 0822).
You will be able to observe the file system check once the computer restarts (Figure 0823).
Figure 0823 : File system checking process
Once this process has finished, the computer will restart and load Windows Server 2008. The file system should be checked for integrity on a regular basis by running Check disk. Unfortunately, this process often requires restarting the server.
15. Close all remaining windows.
16. Log off the server.
DEFRAGMENTING THE FILE SYSTEM
Over a period of time, portions of files can become scattered over the surface of the disk, and this makes accessing files slower. Defragmenting a disk involves moving the portions of each file back together so they are all next to each other.
EXERCISE 19.6
In this exercise you will use Computer Management to defragment the current drive.
2. Launch Computer Management. Click Start > Administrative Tools > Computer Management (Figure 0825).
Figure 0825 : Launch Computer Management
3. Expand the Storage folder and select Disk Management (Figure 0826).
Figure 0827 : Computer Management - Disk Management
5. From the Properties window, click the Tools tab (Figure 0828). This tab displays options for you to check the file system, defragment the drive or back up files.
6. Click the Defragment Now button (Figure 0828).
7. Click the Defragment now button (Figure 0829).
8. Select all disks for defragmentation and click the OK button (Figure 0830).
9. After the drive has been defragmented, click the Close button to close the Disk Defragmenter window (Figure 0831).
Defragmenting the file system should occur on a regular basis to ensure files can be accessed and loaded quickly. Files in use cannot be defragmented, so administrators should schedule this to occur during periods of inactivity. A heavily fragmented file system is often the cause of poor performance.
SAFE MODE
Safe mode provides a means of recovering from loading device drivers that do not work properly. For instance, an administrator might install a new graphics card and, rather than let Windows Server 2008 install the appropriate drivers, select an alternative driver. This can result in an unreadable screen display. To recover from such a possibility, Windows Server 2008 provides Safe mode.
EXERCISE 19.7
In this exercise you will restart the computer in Safe Mode. This is a special mode only available when the computer is restarted and you press F8 before the computer starts loading Windows Server 2008.
3. Select Operating System: Reconfiguration (Planned) and click the OK button (Figure 0834).
4. When the computer restarts, repeatedly press the F8 key while it displays the boot sequence at the bottom of the screen. You need to press the F8 key before the Windows logo appears. If the Windows logo appears, you will need to try again (Figure 0835).
5. Select the Safe Mode option and press Enter (Figure 0836).
7. When your computer is in safe mode, you'll see the words Safe Mode in the corners of the display (Figure 0838).
8. After the computer has started in safe mode, shut the computer down. Click Start > Shut Down (Figure 0839).
ACTIVE DIRECTORY SERVICE REPAIR MODE
The Active Directory database is stored in the file ntds.dit in the folder NTDS. As changes occur to Active Directory over time, the database file becomes fragmented. An administrator should perform a backup of the Active Directory database file. In this exercise you will boot the computer using a startup option by pressing F8 at startup. This will allow you to enter a mode where you can repair the Active Directory files, or back up and restore Active Directory.
9. Switch ON your server and repeatedly press the F8 key while it displays the boot sequence at the bottom of the screen. You need to press the F8 key before the Windows logo appears. If the Windows logo appears, you will need to try again (Figure 0840).
10. Select the Directory Services Restore Mode option and press Enter (Figure 0841).
11. Press CTRL + ALT + DELETE and log on to the server as Administrator with the Active Directory password you set in the earlier exercise - @xercisE (Figure 0842).
Backup Active Directory Service
EXERCISE 19.8
In this exercise you will back up Active Directory.
12. Launch the Run application. Click Start > Run (Figure 0843).
13. Key in cmd in the Open: box and click the OK button to launch the Command Prompt application (Figure 0844).
Figure 0844 : Run Windows
14. Access the C:\Windows\ntds folder. Type the following command in the command prompt:
14.1. cd\ and press Enter (Figure 0845).
15. Back up the Active Directory Service database by copying the ntds.dit file to a new file named ntdsbackup.dit. Key in the following command to back up the ntds.dit file: copy ntds.dit ntdsbackup.dit and press Enter (Figure 0848).
16. Confirm that the backup file was created successfully by typing the following command: dir/w and press Enter (Figure 0849).
Create The Active Directory Service Error
EXERCISE 19.9
In this exercise you will create an Active Directory error by deleting the Active Directory Service database file.
17. Delete the ntds.dit file by executing the following command: del ntds.dit and press Enter (Figure 0850).
19. Select Operating System: Reconfiguration (Planned) and click the OK button (Figure 0852).
Could you log on to the server? Why did this happen? This problem normally happens because the server cannot find the Active Directory Service database file, or because the Active Directory Service database file is corrupted. In the earlier exercise you deleted the Active Directory database file (ntds.dit) to create this problem.
20. Press CTRL + ALT + DELETE to restart your server.
21. When the computer restarts, repeatedly press the F8 key while it displays the boot sequence at the bottom of the screen. You need to press the F8 key before the Windows logo appears. If the Windows logo appears, you will need to try again (Figure 0853).
22. Select the Directory Services Restore Mode option and press Enter (Figure 0854).
Restore Active Directory Service
EXERCISE 19.10
In this exercise you will restore Active Directory.
23. Press CTRL + ALT + DELETE and log on to the server as Administrator with the Active Directory password you set in the earlier exercise - @xercisE (Figure 0855).
24. Launch the Run application. Click Start > Run (Figure 0856).
25. Key in cmd in the Open: box and click the OK button to launch the Command Prompt application (Figure 0857).
26. Access the C:\Windows\ntds folder. Type the following command in the command prompt:
26.1. cd\ and press Enter (Figure 0858).
27. Restore the Active Directory Service by copying the ntdsbackup.dit file to the ntds.dit file. Key in the following command to restore the ntds.dit file: copy ntdsbackup.dit ntds.dit and press Enter (Figure 0861).
28. Confirm that the file was restored successfully by typing the following command: dir/w and press Enter (Figure 0862).
30. Select Operating System: Reconfiguration (Planned) and click the OK button (Figure 0864).
Summary
In this exercise you learned how to make a backup copy of the Active Directory database by copying it to another file. You also learned how to recover and restore the Active Directory database.
Exercise 20
EXERCISE 20.1 Installing DHCP Service.
This will serve as a step-by-step guide on how to set up a DHCP server.
1. Log on to the server as Administrator (Figure 0865).
2. Launch the Server Manager. Click Start > Administrative Tools > Server Manager (Figure 0866).
5. On the Before You Begin page, review the requirements, and click the Next button (Figure 0869).
6. On the Select Server Roles page, select the check box next to DHCP Server, and click the Next button (Figure 0870).
7. On the DHCP Server page, review the information, and click the Next button (Figure 0871).
8. On the Network Connection Binding page, select your server IP address and click the Next button (Figure 0872).
9. On the IPv4 DNS Server Settings page, review the information. Make sure all the information is correct. Click the Next button to continue (Figure 0873).
10. Select the WINS is required for applications on this network option, and enter your server IP address in the Preferred WINS Server IP Address box. Click the Next button to continue (Figure 0874).
11. Create DHCP Scopes. Just click the Next button; we will create the DHCP scopes later (Figure 0875).
12. In this exercise you only use IPv4, so select the Disable DHCPv6 stateless mode for this server option and click the Next button to continue (Figure 0876).
13. Select the Use current credentials option and click the Next button (Figure 0877). This option specifies that the credentials of the current user will be used to authorize the DHCP server in AD DS.
14. On the Confirm Installation Selections page, click the Install button (Figure 0878).
15. On the Installation Result page, review the information. Click Close to continue (Figure 0880).
EXERCISE 20.2 Creating a Range of Address: DHCP Scopes.
In this exercise you will specify a range of IP addresses.
17. Launch the DHCP manager. Click Start > Administrative Tools (Figure 0881).
18. Double-click the server icon to expand the domain (Figure 0882).
20. On the Action menu, click New Scope to start the New Scope wizard (Figure 0884).
21. New Scope Wizard window. Click the Next button to continue (Figure 0885).
22. Scope Name. Enter DHCP 1 3 as the Name of the scope and DHCP range for 3 host as the Description (Figure 0886).
Figure 0886 : New Scope Wizard - Scope Name
23. Click the Next button to continue (Figure 0886).
24. Specifying IP Address Range. Now you will configure the DHCP service and limit it to 3 hosts. Define the scope address range as follows (Figure 0887):
Start IP address : 192.168.2.<Server Number>
End IP address : 192.168.2.<Server Number + 2>
Figure 0887 : New Scope Wizard - IP Address Range
25. Configure the Length and Subnet mask as follows (Figure 0887):
Length : 24
Subnet mask : 255.255.255.0
You can specify the subnet mask by length or as an IP address. A subnet mask defines how many bits of an IP address are used for the network/subnet IDs and how many bits are used for the host ID. In this exercise we use the class C default subnet mask (255.255.255.0), which is equal to a length of 24 bits. You can learn more about this under the IP address subnetting topic.
27. IP Address Exclusions. IP address exclusions are addresses or a range of addresses that are not distributed by the DHCP server. In your DHCP IP address range, you set a range for 3 hosts. Notice that the first IP address is your server IP address. If you do not exclude your server IP address, the DHCP server will distribute all the IP addresses in the range, including your server IP address, and you will later face an IP conflict problem. To prevent this, you have to exclude your server IP address. To exclude a single address, type an address in Start IP address only. So, enter your server IP address in the Start IP address: box to exclude it from distribution by the DHCP server, and click the Add button (Figure 0888).
Figure 0889 : New Scope Wizard - IP Address Exclusions
29. Lease Duration. The lease duration specifies how long a client can use an IP address from the scope. Lease durations should typically be equal to the average time the computer is connected to the same physical network. Let's set the lease duration to 8 hours; this is equal to an 8-hour working day. Click the Next button to continue (Figure 0890).
30. DHCP Options. DHCP can provide default values for a whole host of TCP/IP parameters, including these basic items:
o Default Gateway
o Domain Name
o DNS Server
o WINS Server
Select Yes, I want to configure these options now and click the Next button to start configuring the DHCP options (Figure 0891).
31. Router (Default Gateway). In the previous exercise I used another server as the router (192.168.2.25). You can use the same router, your server's router, or another router to be distributed by this scope. I will use the same router for this scope in this exercise (192.168.2.25). To add an IP address for a router used by clients, enter the address in the IP address: box and click the Add button (Figure 0892).
Figure 0892 : New Scope Wizard - Router (Default Gateway)
32. Click the Next button to continue (Figure 0893).
33. Domain Name and DNS Servers.
33.1. Set the Parent domain: to your domain name. In this exercise, my domain name is myserver.com (Figure 0894).
33.2. Set the Server name: to your DNS server name (myserver.com) and click the Resolve button to resolve the DNS server IP address (Figure 0894).
Figure 0894 : New Scope Wizard - Parent domain and Server name
33.3. Click the Add button to add the DNS server IP address to the DNS server IP address list (Figure 0895).
Figure 0896 : New Scope Wizard - Domain Name and DNS Servers
34. WINS Servers. Computers running Windows can use WINS servers to convert NetBIOS computer names to IP addresses. Entering a WINS server IP address here enables Windows clients to query WINS before they use broadcasts to register and resolve NetBIOS names.
34.1. Set the Server name: to your WINS server name (myserver.com) and click the Resolve button to resolve the WINS server IP address (Figure 0897).
Figure 0897 : New Scope Wizard - WINS server name
34.2. Click the Add button to add the WINS server IP address to the WINS server IP address list (Figure 0898).
35. Activate Scope. This is the last configuration step for the new scope. Clients can obtain address leases only if a scope is activated. Select Yes, I want to activate this scope now and click the Next button (Figure 0900).
36. Completing the New Scope Wizard. Click the Finish button to close the New Scope Wizard (Figure 0901).
Congratulations! You have successfully created the new DHCP scope (Figure 0902).
Figure 0902 : DHCP Manager
37. Close the DHCP manager.
38. Log off the server.
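The scope values from steps 24 to 27 (address range, Length versus Subnet mask, and the server exclusion) can be checked before they are typed into the New Scope Wizard. The following Python example is added here and is not part of the original exercise; the server address 192.168.2.10 is an assumed value standing in for 192.168.2.<Server Number>, and the class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class ScopePlan:
    """Hypothetical container for the values typed into the New Scope Wizard."""
    start: str                      # Start IP address
    end: str                        # End IP address
    length: int                     # Length (prefix bits)
    exclusions: list = field(default_factory=list)    # (first, last) pairs
    static_hosts: dict = field(default_factory=dict)  # name -> fixed address


def mask_from_length(length):
    """Dotted-decimal subnet mask for a prefix length (24 -> 255.255.255.0)."""
    return str(ipaddress.ip_network(f"0.0.0.0/{length}").netmask)


def leasable_addresses(plan):
    """Addresses the server can lease: the scope range minus the exclusions."""
    first = ipaddress.ip_address(plan.start)
    last = ipaddress.ip_address(plan.end)
    if last < first:
        raise ValueError("End IP address is lower than Start IP address")
    subnet = ipaddress.ip_network(f"{plan.start}/{plan.length}", strict=False)

    # Expand every exclusion (single address or range) into integer form.
    excluded = set()
    for ex_first, ex_last in plan.exclusions:
        lo = int(ipaddress.ip_address(ex_first))
        hi = int(ipaddress.ip_address(ex_last))
        excluded.update(range(lo, hi + 1))

    pool = []
    for value in range(int(first), int(last) + 1):
        addr = ipaddress.ip_address(value)
        if addr not in subnet:
            raise ValueError(f"{addr} is outside subnet {subnet}")
        if addr in (subnet.network_address, subnet.broadcast_address):
            raise ValueError(f"{addr} is not a usable host address")
        if value not in excluded:
            pool.append(str(addr))
    return pool


def conflicts(plan):
    """Names of statically addressed hosts whose IP could still be leased."""
    pool = set(leasable_addresses(plan))
    return sorted(name for name, ip in plan.static_hosts.items() if ip in pool)


# Constructed sample values. SERVER_IP is an assumption standing in for
# 192.168.2.<Server Number>; the router address is the one used in step 31.
SERVER_IP = "192.168.2.10"
STATIC = {"server": SERVER_IP, "router": "192.168.2.25"}

without_exclusion = ScopePlan("192.168.2.10", "192.168.2.12", 24,
                              static_hosts=STATIC)
with_exclusion = ScopePlan("192.168.2.10", "192.168.2.12", 24,
                           exclusions=[(SERVER_IP, SERVER_IP)],
                           static_hosts=STATIC)

if __name__ == "__main__":
    print("Mask for length 24:", mask_from_length(24))
    print("No exclusion, conflicts:", conflicts(without_exclusion))
    print("With exclusion, conflicts:", conflicts(with_exclusion))
    print("Leasable addresses:", leasable_addresses(with_exclusion))
```

With the server address excluded, only two of the three addresses in the range remain available to clients.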
EXERCISE 20.3 Testing The DHCP Server.
In this exercise you will test your DHCP server functionality.
39. Log on to the client computer using a local administrator account. Enter Administrator as the User name:, select Log on to: CLIENTXP61 (this computer) and click the OK button to log on (Figure 0903).
Figure 0903 : Windows XP Log On Screen
40. Launch the Network Connections application. Click Start > All Programs > Accessories > Communications > Network Connections (Figure 0904).
41. Right-click Local Area Connection and select Properties (Figure 0905).
Figure 0905 : Local Area Connection
42. Double-click Internet Protocol (TCP/IP) (Figure 0906).
43. Set your client to get an IP address automatically from the DHCP server by selecting the Obtain an IP address automatically option and the Obtain DNS server address automatically option (Figure 0907).
Figure 0907 : Internet Protocol (TCP/IP) Properties
44. Click the OK button to save the setting (Figure 0907).
45. Click the OK button (Figure 0908) and close all the remaining windows.
46. Launch the Run application. Click Start > Run (Figure 0909).
Figure 0909 : Launch the Run Application
47. Key in cmd in the Open: box and click the OK button to launch the Command Prompt application (Figure 0910).
48. List the client computer's IP configuration by typing the following command: ipconfig and press Enter (Figure 0911).
Figure 0911 : Command Prompt - ipconfig
This will display the IP address, subnet mask and default gateway for your Ethernet adapter (Figure 0912).
Figure 0912 : Command Prompt - IP Configuration
Your client computer is now set to obtain an IP address automatically from the DHCP server, so you can see that the IP address has changed according to the IP range you set in the DHCP server earlier.
49. Log off the client computer.
Summary
In this exercise, you set up a DHCP server. The DHCP server provides you with an easy way of assigning IP addresses to workstations on your network. You were shown how to install and configure a DHCP server and how to avoid overlapping scopes.
Exercise 21
EXERCISE 21.1 Installing Internet Information Services (IIS).
1. Log on to the server as Administrator (Figure 0913).
Figure 0913 : Administrator Login
2. Launch the Server Manager. Click Start > Administrative Tools > Server Manager (Figure 0914).
5. On the Before You Begin page, review the requirements, and click the Next button (Figure 0917).
Figure 0917 : Add Roles - Before You Begin
6. On the Select Server Roles page, select the check box next to Web Server (IIS) (Figure 0918).
7. If you are asked to add features for Web Server (IIS), just click the Add Required Features button to add the features. You cannot install Web Server (IIS) unless the required features are also installed (Figure 0919).
Figure 0919 : Add Roles - Add Required Features
8. Click the Next button to continue (Figure 0920).
9. On the Web Server (IIS) page, review the information, and click the Next button (Figure 0921).
10. Role Services. Just use the default settings and click the Next button to continue (Figure 0922).
11. On the Confirm Installation Selections page, click the Install button (Figure 0923).
12. On the Installation Result page, review the information. Click Close to continue (Figure 0925).
Configuring Web Server.
IIS creates a default Web site configuration on your hard disk at the time of installation. You can use the C:\inetpub\wwwroot directory to publish your Web content, or create any directory or virtual directory you choose. Creating a Web site using IIS Manager does not create content; it only creates a directory structure and configuration files from which to publish the content.
EXERCISE 21.2 Use the default Web site.
14. Log on to the server as Administrator (Figure 0926).
15. Launch the Internet Information Services (IIS) Manager. Click Start > Administrative Tools > Internet Information Services (IIS) Manager (Figure 0927).
16. In the Internet Information Services (IIS) Manager, expand your server (Figure 0928).
Figure 0929 : Internet Information Services (IIS) Manager - Sites
You can see that IIS has already created a default Web site on your hard disk. The default folder for the default Web site is set to the C:\inetpub\wwwroot folder.
18. View the default web page. Click Default Web Site and click the Browse *:80 (http) link (Figure 0930).
19. Windows will launch Internet Explorer. You can see that the address in the address bar is http://localhost/ and that a picture with the word IIS7 is in the middle of the page. This means your Web Server and your Default Web Site are running successfully (Figure 0931).
21. View the contents of the default web folder. In IIS Manager, click the Explore link (Figure 0932).
22. Windows Explorer shows the path of the Default Web Folder. There are only two files listed under the C:\inetpub\wwwroot folder (Figure 0933):
iisstart.htm    HTML document
welcome.png     image file
Figure 0933 : Windows Explorer - Default Web Folder
23. Close the Windows Explorer.
EXERCISE 21.3 Change the Default Web Folder.
In this exercise you will change the default Web folder from C:\inetpub\wwwroot to D:\mywebserver.
24. Click Default Web Site and click the Basic Settings link (Figure 0934).
26. Select Local Disk (D:) and click the Make New Folder button (Figure 0936).
27. Rename the folder to mywebserver and click the OK button (Figure 0937).
Figure 0937 : Edit Site - Browse For Folder - Make New Folder
28. Make sure the Physical path: is D:\mywebserver. If it is correct, click the OK button to continue (Figure 0938).
EXERCISE 21.4 Create a Simple Web page.
In this exercise you will create a simple web page to act as your first web page and save the file to the D:\mywebserver folder.
29. Launch Notepad Editor. Click Start > All Programs > Accessories > Notepad (Figure 0939).
30. Type the following text into the file (Figure 0940):
<html>
<head>
<title>Web Server</title>
</head>
<body>
<h1>Welcome To My Web Server</h1>
</body>
</html>
31. Save document as index.htm.
31.1. Click File > Save As (Figure 0941).
31.2.
31.3.
31.4.
31.5.
31.6. Close the Notepad Editor (Figure 0945) and log off the server.
EXERCISE 21.5 Test the Web Server.
In this exercise you will test the functionality of your Web server using a client workstation.
32. Log on to the client computer as Administrator (Figure 0946).
Figure 0946 : Windows XP Log On Screen
33. Launch Internet Explorer. Click Start > All Programs > Internet Explorer (Figure 0947).
34. In the Address box, key in http://yourdomain.com (e.g. http://myserver.com) and click the Go button (Figure 0948).
EXERCISE 21.6 Create a New Web Site.
In this exercise you will create a new Web site for your web server.
37. Launch Windows Explorer. Click Start > right-click Computer > select Explore (Figure 0950).
Figure 0951 : Windows Explorer D Drive
39. Create a new folder named newwebSN (SN represents your Station Number). In the previous exercise I used number 21 as my Station Number, so in this exercise my folder will be named newweb21.
39.1. Right-click the D drive > select New > Folder (Figure 0952).
39.2.
40. Launch Notepad Editor. Click Start > All Programs > Accessories > Notepad (Figure 0954).
41. Type the following text into the file (Figure 0955):
<html>
<head>
<title>New Web Site</title>
</head>
<body>
<h1 align="center">Welcome To My New Web Site</h1>
<h3 align="right">Hosted by My <font color="#FF0000">Web Server</font></h3>
</body>
</html>
42. Save document as default.htm.
42.1. Click File > Save As (Figure 0956).
42.2.
42.3.
42.4.
42.5.
42.6. Close the Notepad Editor (Figure 0960) and all remaining windows.
43. Launch the Internet Information Services (IIS) Manager. Click Start > Administrative Tools > Internet Information Services (IIS) Manager (Figure 0961).
44. In the Internet Information Services (IIS) Manager, expand your server (Figure 0962).
45. Right-click the Sites folder and select Add Web Site (Figure 0963).
46. In the Site name: box, type the name of your site (e.g. Tutorial Site) (Figure 0964).
47. In the Physical path: box, type or browse to the directory that contains the site content (D:\newweb21) (Figure 0965).
48. Select your Web server IP address from the IP Address: drop-down menu (Figure 0966).
49. In the Host name: box, enter www.myserver.com for this site, and click the OK button (Figure 0967).
50. In IIS Manager, select the new web site (Tutorial Site) and click the Start button to start the new web site service (Figure 0968).
EXERCISE 21.7 Configure DNS Service for Host Name.
In this exercise you will configure the host name for your new Web site.
51. Launch DNS Manager. Click Start > Administrative Tools > DNS (Figure 0969).
52. Double-click the computer icon to expand the DNS Server (Figure 0970).
53. Expand the Forward Lookup Zones; right-click myserver.com and select New Host (A or AAAA) (Figure 0971).
Figure 0971 : Create New Host
54. In the Name box, type www (Figure 0972).
55. Enter the IP address of your Web server (www.myserver.com) and make sure you select the Create associated pointer (PTR) record option (Figure 0972).
Figure 0972 : New Host
56. Click Add Host (Figure 0972).
58. Click the Done button to exit the New Host Wizard (Figure 0974).
EXERCISE 21.8 Test the New Web Site on Web Server
In this exercise you will test the functionality of your new Web site from a client workstation.
61. Log on to the client computer as Administrator (Figure 0976).
Figure 0976 : Windows XP Log On Screen
62. Launch Internet Explorer. Click Start > All Programs > Internet Explorer (Figure 0977).
63. In the Address box, key in http://www.yourdomain.com (e.g. http://www.myserver.com) and click the Go button (Figure 0978).
64. Your new web site page will appear in the browser (Figure 0978).
Summary
Whether your site is on an intranet or the Internet, the principles of providing content are the same. You place your Web files in directories on your server so that users can establish an HTTP connection and view your files with a Web browser. But beyond simply storing files on your server, you must manage how your site is deployed, and more importantly, how your site evolves. Today, an engaging Web site is seldom a static collection of pages. Most successful Web administrators are kept busy accommodating ever changing Web content. Each Web site must have a home directory. The default Web site home directory is LocalDrive:\inetpub\wwwroot. You can change a Web site home directory using IIS Manager.
Exercise 22
EXERCISE 22.1 Installing FTP Server.
1. Log on to the server as Administrator (Figure 0979).
2. Launch the Server Manager. Click Start > Administrative Tools > Server Manager (Figure 0980).
Figure 0980 : Launch Server Manager.
3. In Server Manager, select Roles (Figure 0981).
4. Scroll down until you reach the Web Server (IIS) section (Figure 0982).
5. Click Add Role Services in the Role Services: section (Figure 0982).
6. On the Select Role Services page, select the check box next to FTP Publishing Service (Figure 0983).
7. If you are asked to add role services for FTP Publishing Service, click the Add Required Role Services button to add them. You cannot install FTP Publishing Service unless the required role services are also installed (Figure 0984).
Figure 0985 : Role Services FTP Publishing Service
9. On the Confirm Installation Selections page, click the Install button to start the installation process (Figure 0986).
10. On the Installation Result page, review the information. Click Close to continue (Figure 0988).
13. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start > Administrative Tools > Internet Information Services (IIS) 6.0 Manager (Figure 0990).
14. In the Internet Information Services (IIS) 6.0 Manager, expand your server (Figure 0991).
Figure 0992 : Internet Information Services (IIS) 6.0 Manager FTP Sites
You can see that IIS has already created a default FTP site on your hard disk. The default folder for the default FTP site is set to the C:\inetpub\ftproot folder.
16. Right-click the Default FTP Site and select Properties (Figure 0993).
17. On the FTP Site tab, under FTP site description, type the name of your FTP site in the Description: box (e.g. Server 21 FTP Site) and select the IP address for your FTP site (Figure 0994).
Figure 0994 : Default FTP Site Properties
18. Click the OK button. The name of the new site appears in IIS 6.0 Manager (Figure 0995).
Figure 0995 : IIS 6.0 Manager Server 21 FTP Site
19. Click the Refresh button and close the IIS 6.0 Manager.
EXERCISE 22.3 Change the FTP Site Home Directories.
Each FTP site on a computer must have its own home directory. The default home directory for the default FTP site is LocalDrive:\inetpub\ftproot.
There are two ways to change the home directory of an FTP site:
But in this exercise we only use IIS Manager.
20. Make sure you are logged on to the server as Administrator.
21. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start > Administrative Tools > Internet Information Services (IIS) 6.0 Manager (Figure 0996).
22. In the Internet Information Services (IIS) 6.0 Manager, expand your server (Figure 0997).
Figure 0997 : Internet Information Services (IIS) Manager
23. Expand the FTP Sites folder (Figure 0998).
Figure 0998 : Internet Information Services (IIS) 6.0 Manager FTP Sites
24. Make sure the FTP site service is stopped. Right-click the Server 21 FTP Site and select Stop (Figure 0999).
25. Right-click the Server 21 FTP Site again, and select Properties (Figure 1000).
Figure 1000 : IIS 6.0 Manager Server 21 FTP Site
26. Click the Home Directory tab (Figure 1001).
27. Select the A directory located on this computer option, and enter the location of your FTP home directory in the Local path: box (e.g. D:\newweb21), or press the Browse button to find the location of your FTP home directory (Figure 1002).
Note: If you select a directory on a network share, you might need to enter a user name and password to access the resource. IUSR_computername is the default account used if another account is not specified. If you use an account with administrative credentials on the server, clients can gain access to server operations. This seriously jeopardizes the security of your network. For more information on security, see Security Best Practices in Windows Help.
28. Click the OK button (Figure 1002).
29. Right-click the FTP site you've just configured, and select Start (Figure 1003).
Figure 1003 : IIS 6.0 Manager Server 21 FTP Site
30. Click the Yes button to start the FTP Server service (Figure 1004).
Figure 1004 : IIS 6.0 Manager Start Server 21 FTP Site
31. Click the Refresh button and close the IIS 6.0 Manager.
EXERCISE 22.4 Create a Text Document in FTP Home Directory.
32. Launch the Windows Explorer and go to the FTP Home Directory (e.g. D:\newweb21) (Figure 1005).
33. Create a new text document inside the FTP Home Directory and rename the text document as testing.txt.
33.1. Right-click in the window and select New > Text Document (Figure 1006).
34. Right-click the testing.txt file and select Edit. This will load the Notepad Editor (Figure 1007).
35. Type the following text into the file (Figure 1008):
This only test document to test the FTP server.
36. Save the file by pressing Ctrl + S and close the file.
37. Close all the remaining windows.
38. Log off the server.
EXERCISE 22.5 Test The FTP Site.
39. Log on to the client computer as Administrator (Figure 1009).
Figure 1009 : Windows XP Log On Screen
40. Launch Internet Explorer. Click Start > All Programs > Internet Explorer (Figure 1010).
41. In the Address box, key in ftp://www.yourdomain.com (e.g. ftp://www.myserver.com) and click the Go button (Figure 1011).
Figure 1011 : Internet Explorer - ftp://www.myserver.com
42. Your FTP site will appear in the browser (Figure 1011).
43. Attempt to create a new folder (right-click in the window and select New Folder) (Figure 1012).
Figure 1012 : ftp://www.myserver.com Create New Folder
Could you create the folder? YES / NO
If NO, why do you think this happened?
This happened because you logged on to the FTP server as a guest (anonymous user). By default, the FTP server allows only read permission for anonymous users, and we have not configured the FTP server to give any user write permission.
44. Close all windows.
45. Log off the client computer.
EXERCISE 22.6 Configure The FTP Server to Allow User to Upload or Modify File and Directory.
46. Log on to the server as Administrator (Figure 1013).
Figure 1013 : Administrator Login
47. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start > Administrative Tools > Internet Information Services (IIS) 6.0 Manager (Figure 1014).
48. In the Internet Information Services (IIS) 6.0 Manager, expand your server (Figure 1015).
Figure 1015 : Internet Information Services (IIS) Manager
49. Expand the FTP Sites folder (Figure 1016).
Figure 1016 : Internet Information Services (IIS) 6.0 Manager FTP Sites
50. Right-click the Server 21 FTP Site again, and select Properties (Figure 1017).
51. Click the Home Directory tab. Under FTP site directory, tick the Write option (Figure 1018).
EXERCISE 22.7 Test The FTP Site.
54. Log on to the client computer as Administrator (Figure 1019).
Figure 1019 : Windows XP Log On Screen
55. Launch Internet Explorer. Click Start > All Programs > Internet Explorer (Figure 1020).
56. In the Address box, key in ftp://www.yourdomain.com (e.g. ftp://www.myserver.com) and click the Go button (Figure 1021).
Figure 1021 : Internet Explorer - ftp://www.myserver.com
57. Your FTP site will appear in the browser (Figure 1021).
58. Attempt to create a new folder (right-click in the window and select New Folder) (Figure 1022).
Figure 1022 : ftp://www.myserver.com Create New Folder
Could you create the folder? YES / NO
59. Now try to copy any file and paste it to this FTP site. Could you paste any files? YES / NO
Why do you think this is so?
You should be able to paste files to the FTP site because you have given everyone permission to read and write to the FTP site.
60. Close all windows.
61. Log off the client computer.
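The manual tests in Exercises 22.5 and 22.7 can be repeated as a scripted check that reports what an anonymous session is allowed to do on your own FTP site. The following PowerShell is an added example, not part of the original exercise; it assumes PowerShell 2.0 or later on the client, the host name www.myserver.com from step 56, and a hypothetical probe directory name.

```powershell
# Added example: confirm from a client what the anonymous account may do.
# Assumptions (not from the exercise): PowerShell 2.0+, your own server's host
# name, and a throwaway probe directory name that does not already exist.
function Invoke-FtpCommand {
    param([string]$Uri, [string]$Method, [System.Net.ICredentials]$Credential)
    $request = [System.Net.WebRequest]::Create($Uri)
    $request.Method      = $Method
    $request.Credentials = $Credential
    $request.KeepAlive   = $false          # close the control connection each time
    $response = $request.GetResponse()     # throws on a 4xx/5xx FTP reply
    $status   = $response.StatusDescription
    $response.Close()
    return $status
}

function Test-AnonymousFtpWrite {
    param(
        [string]$FtpHost   = 'www.myserver.com',
        [string]$ProbeName = 'write-probe-delete-me'   # hypothetical name
    )
    $cred = New-Object System.Net.NetworkCredential -ArgumentList 'anonymous', 'audit@example.invalid'
    $result = New-Object PSObject -Property @{
        FtpHost = $FtpHost; AnonymousLogin = $false; AnonymousWrite = $false; Detail = ''
    }

    # 1. Same as browsing to ftp://host/ in step 56: can a guest log on and list?
    try {
        [void](Invoke-FtpCommand -Uri "ftp://$FtpHost/" -Credential $cred `
                -Method ([System.Net.WebRequestMethods+Ftp]::ListDirectory))
        $result.AnonymousLogin = $true
    } catch {
        $result.Detail = "Anonymous login refused: $($_.Exception.Message)"
        return $result
    }

    # 2. Same as New Folder in step 58: does the Write option apply to the guest?
    $probe = "ftp://$FtpHost/$ProbeName"
    try {
        [void](Invoke-FtpCommand -Uri $probe -Credential $cred `
                -Method ([System.Net.WebRequestMethods+Ftp]::MakeDirectory))
        $result.AnonymousWrite = $true
    } catch {
        $result.Detail = "Write refused: $($_.Exception.Message)"
        return $result
    }

    # 3. Remove the probe directory so the check leaves nothing behind.
    try {
        [void](Invoke-FtpCommand -Uri $probe -Credential $cred `
                -Method ([System.Net.WebRequestMethods+Ftp]::RemoveDirectory))
    } catch {
        $result.Detail = "Probe directory $ProbeName could not be removed; delete it on the server."
    }
    return $result
}

Test-AnonymousFtpWrite -FtpHost 'www.myserver.com' | Format-List
```

AnonymousWrite is False with the configuration tested in Exercise 22.5 and True once the Write option from step 51 is ticked, which means every client that can reach the site can upload to it without an account.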
2. Launch Network and Sharing Center. Click Start > right-click Network > Properties (Figure 1024).
Figure 1024 : Network Properties
3. Under myserver.com (Domain network), click View status (Figure 1025).
4. Click the Properties button to open Local Area Connection Properties (Figure 1026).
5. Select Internet Protocol Version 4 (TCP/IPv4), and click the Properties button (Figure 1027).
7. Select the IP Settings tab (Figure 1029).
8. Under the IP addresses field, click the Add button (Figure 1029).
9. Enter a second IP address for your server (e.g. 192.168.2.24) (Figure 1030).
Figure 1030 : TCP/IP Address
10. Enter your subnet mask (e.g. 255.255.255.0) and click the Add button (Figure 1030).
11. As you can see, your server now has 2 IP addresses (Figure 1031).
Figure 1031 : Advanced TCP/IP Setting - IP Settings
12. Click the OK button (Figure 1031).
EXERCISE 22.8.1 Creating New FTP Site for Specific User Using Multiple IP Address.
An FTP site can be configured so that only specific users can log in. You can allow specific users to establish an FTP connection and transfer files with an FTP client or FTP-enabled Web browser. But beyond simply storing files on your server, you must manage how your site is deployed, and more importantly, how your site evolves. This section presents the basics of managing the infrastructure of an FTP site, from securing your site to hosting multiple sites. This exercise helps administrators, and particularly Internet hosting providers, efficiently secure and commercialize the FTP services for their customers. Let's say we want to set Ain Syahmi as administrator for the Student FTP Site.
18. Launch Windows Explorer. Click Start > right-click Computer > select Explore (Figure 1036).
20. Create a new folder named StudentSN (SN represents your Station Number). In the previous exercise I used number 21 as my Station Number, so in this exercise my folder will be named Student21.
20.1. Right-click the D drive > select New > Folder (Figure 1038).
20.2.
21. View the default permissions of your Student21 folder. Right-click the D:\Student21 folder, and select Properties (Figure 1040).
Figure 1040 : Windows Explorer D:\Student21
22. Click the Security tab. You should see the default security permissions for your new Student21 folder (Figure 1041).
23. Delete all users except Administrator.
23.1. Click the Advanced button (Figure 1042).
Figure 1042 : Student21 Properties
23.2. Click the Edit button (Figure 1043).
23.3. Uncheck the check box Include inheritable .. objects parent (Figure 1044).
23.4. A Windows Security warning appears; click the Remove button to confirm removal of the inheritable permissions (Figure 1045).
24. Add Ain Syahmi and set her permissions.
24.1. Click the Edit button (Figure 1048).
Figure 1048 : Student21 Properties
24.2. Click the Add button (Figure 1049).
24.3. Key in Ain Syahmi to add Ain Syahmi and click the Check Names button (Figure 1050).
Figure 1050 : Select Users, Computer, or Groups window
24.4. Click the OK button (Figure 1051).
24.5. Give Ain Syahmi Full Control of this FTP site because we want her to act as administrator for the Student FTP Site. Click the OK button when you have finished configuring (Figure 1052).
24.6. Click the OK button to close the Student21 Properties (Figure 1053).
Figure 1053 : Student21 Properties
25. Close all the remaining windows.
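The permission changes in steps 23 and 24 can also be scripted and then checked, so that a stray inherited or leftover entry on the FTP home directory is noticed. The following PowerShell is an added example, not part of the original exercise; it assumes an elevated PowerShell 2.0 or later session on the server, that "Administrator" in step 23 means the BUILTIN\Administrators group, and a hypothetical MYSERVER domain prefix in front of the ain.syahmi logon name.

```powershell
# Added example: scripted form of steps 23-24 plus a check of the result.
# Assumptions (not from the exercise): an elevated PowerShell 2.0+ session on
# the server, "Administrator" in step 23 meaning BUILTIN\Administrators, and
# MYSERVER as the NetBIOS domain name in front of the ain.syahmi logon name.
$Path    = 'D:\Student21'
$Allowed = @('BUILTIN\Administrators', 'MYSERVER\ain.syahmi')

function Set-FtpHomeAcl {
    param([string]$Path, [string[]]$Allowed)

    $acl = Get-Acl -Path $Path

    # Steps 23.3-23.4: stop inheriting from D:\ and drop the inherited entries
    # ($true = protect this ACL, $false = do not keep copies of inherited rules).
    $acl.SetAccessRuleProtection($true, $false)

    # Purge explicit entries left over from earlier edits, so that only the
    # identities in $Allowed remain once the ACL is written back.
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        $acl.PurgeAccessRules($rule.IdentityReference)
    }

    # Step 24.5: Full Control on this folder, its subfolders and its files.
    foreach ($id in $Allowed) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
            -ArgumentList $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

function Test-FtpHomeAcl {
    # Returns one finding per problem; an empty result means the ACL matches.
    param([string]$Path, [string[]]$Allowed)

    $acl      = Get-Acl -Path $Path
    $findings = @()

    if (-not $acl.AreAccessRulesProtected) {
        $findings += "Inheritance from the parent folder is still enabled on $Path"
    }
    foreach ($rule in $acl.Access) {
        $id = $rule.IdentityReference.Value
        if ($Allowed -notcontains $id) {
            $findings += "Unexpected entry: $id ($($rule.AccessControlType) $($rule.FileSystemRights))"
        }
    }
    foreach ($id in $Allowed) {
        $match = @($acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $id -and
            $_.AccessControlType -eq 'Allow' -and
            $_.FileSystemRights  -eq 'FullControl'
        })
        if ($match.Count -eq 0) { $findings += "Missing Full Control entry for $id" }
    }
    return $findings
}

Set-FtpHomeAcl -Path $Path -Allowed $Allowed
$findings = @(Test-FtpHomeAcl -Path $Path -Allowed $Allowed)
if ($findings.Count -eq 0) { "OK: $Path is limited to $($Allowed -join ', ')" }
else                       { $findings }
```

Test-FtpHomeAcl changes nothing and can be run on its own after the GUI steps to confirm that only the intended accounts remain on the folder.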
EXERCISE 22.8.2 Creating New FTP Site Student FTP Site.
26. Make sure you're logged on to the server as Administrator.
27. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start > Administrative Tools > Internet Information Services (IIS) 6.0 Manager (Figure 1054).
28. In the Internet Information Services (IIS) 6.0 Manager, expand your server (Figure 1055).
29. Right-click the FTP Sites folder, and select New FTP Site (Figure 1056).
Figure 1056 : Internet Information Services (IIS) 6.0 Manager FTP Sites
30. The FTP Site Creation Wizard appears. Click the Next button (Figure 1057).
31. The FTP Site Description dialog box appears. Key in Student FTP Site in the Description: box and click the Next button (Figure 1058).
32. The wizard now asks for the IP Address and Port Setting. Key in your server's second IP address (e.g. 192.168.2.24) and use the default TCP port setting (Default = 21). Click the Next button to continue (Figure 1059).
Figure 1059 : FTP Site Creation Wizard - IP Address and Port Setting
33. In the FTP User Isolation dialog box, select Do not isolate users, and click the Next button (Figure 1060).
Figure 1060 : FTP Site Creation Wizard - FTP User Isolation
34. Set the FTP Site Home Directory. In the Path: field, key in the FTP site home directory (e.g. D:\Student21) and click the Next button (Figure 1061).
Figure 1061 : FTP Site Creation Wizard - FTP Site Home Directory
35. Set the FTP Site Access Permissions to Read and Write to allow users to upload and modify the FTP site contents, and then click the Next button to continue (Figure 1062).
Figure 1062 : FTP Site Creation Wizard - FTP Site Access Permissions
36. Click the Finish button to close the FTP Site Creation Wizard (Figure 1063).
Figure 1063 : FTP Site Creation Wizard - Finish
37. Log off the server.
EXERCISE 22.8.3 Configure DNS Service for Host Name.
In this exercise you will configure the host name for your new FTP site (Student FTP Site).
38. Launch DNS Manager. Click Start > Administrative Tools > DNS (Figure 1064).
39. Double-click the computer icon to expand the DNS Server (Figure 1065).
41. Right-click myserver.com and select New Host (A or AAAA) (Figure 1067).
42. In the Name box, type ftpstudent (Figure 1068).
43. Enter the IP address of your Student FTP Site (ftpstudent.myserver.com) and make sure you select the Create associated pointer (PTR) record option (Figure 1068).
Figure 1068 : New Host
44. Click Add Host (Figure 1068).
46. Click the Done button to exit the New Host Wizard (Figure 1070).
EXERCISE 22.8.4 Test FTP Site for Specific User Using Internet Browser.
49. Log on to the client computer as Administrator (Figure 1072).
Figure 1072 : Windows XP Log On Screen
50. Launch Internet Explorer. Click Start > All Programs > Internet Explorer (Figure 1073).
51. In the Address bar, key in ftp://ftpstudent.yourdomain.com (e.g. ftp://ftpstudent.myserver.com) and click the Go button (Figure 1074).
Figure 1074 : Internet Explorer - ftp://ftpstudent.myserver.com
52. You will be asked for a username and password. Key in ain.syahmi as the username and ain as the password. Click the Log On button (Figure 1075).
53. Your FTP site will appear in the browser (Figure 1076).
Figure 1076 : ftp://ftpstudent.myserver.com
54. Use Windows Explorer to access the C:\Windows\Web\Wallpaper folder.
55. Click on the file Azul.bmp; drag and drop it into the Student FTP Site window (Figure 1077).
56. Now try to copy any files and paste them to this FTP server. Could you paste any files? YES / NO
57. Try to delete the Azul.bmp file (Figure 1078).
Figure 1078 : ftp://www.myserver.com Delete File
What happens? Could you delete the files? YES / NO
You should be able to copy and delete files in this FTP site because you have given Ain Syahmi Full Control permissions.
EXERCISE 22.8.5 Test FTP Site for Specific User Using Command Prompt.
59. Launch the Run application. Click Start > Run (Figure 1079).
60. Key in cmd in the Open: box and click the OK button to launch the Command Prompt application (Figure 1080).
61. At the command prompt, key in ftp ftpstudent.yourdomain.com (e.g. ftp ftpstudent.myserver.com) and press Enter (Figure 1081).
Figure 1081 : Command Prompt ftp log on
62. You'll be asked to enter the username. Key in ain.syahmi as the username and ain as the password (Figure 1082).
Figure 1082 : Command Prompt ftp ain.syahmi log in
63. Key in ls and press Enter to display the contents of the Student FTP site (Figure 1083).
64. Attempt to upload the file C:\Windows\Web\Wallpaper\Ascent.jpg to the Student FTP Site. Use the following command to upload the file, and press Enter (Figure 1084):
put C:\Windows\Web\Wallpaper\Ascent.jpg
Figure 1084 : Command Prompt upload file to FTP server
65. Key in ls and press Enter to display the contents of the Student FTP site (Figure 1085).
Figure 1085 : Command Prompt ftp content list
You can see the file is successfully uploaded to the FTP server.
66. Now attempt to change the name of the Ascent.jpg file to AaBbCc.jpg in the Student FTP Site. Use the following command to rename the file, and press Enter (Figure 1086):
rename Ascent.jpg AaBbCc.jpg
Figure 1086 : Command Prompt rename file
67. Key in ls and press Enter to display the contents of the Student FTP site (Figure 1087).
Figure 1087 : Command Prompt ftp content list
You can see the Ascent.jpg file is successfully renamed to AaBbCc.jpg.
68. Now attempt to download the AaBbCc.jpg file from the Student FTP Site. Use the following command to download it, and press Enter (Figure 1088):
get AaBbCc.jpg
69. Key in Bye and press Enter to log out from the FTP server (Figure 1089).
70. Close the Command Prompt.
71. Launch the Windows Search application. Click Start > Search (Figure 1090).
73. Key in the filename you want to search for (e.g. AaBbCc.jpg) in the All or part of the file name: box and click the Search button (Figure 1092).
74. You should get one file named AaBbCc when the search process finishes. If you want to know the location of the file, place your mouse pointer over the file and a short summary of the file will appear (Figure 1093).
Figure 1093 : Search Results
Normally, all downloaded files are stored in the user's home folder.
75. Close all windows and log off the client computer.
Summary
In this exercise you have learned about the following:
Changing FTP Site Home Directories: Describes the concept of a home directory and methods for changing the home directory of an FTP site.
Naming FTP Sites: Describes assigning a descriptive name to an FTP site.
Stopping and Starting FTP Sites: Describes why you would need to stop and restart your FTP sites and how to perform these actions.
Changing Default FTP Site Settings: Describes how to change default settings globally or on an individual site.
Creating Multiple FTP Sites: Describes how to use IP addresses or port numbers to differentiate multiple FTP sites.
Adding FTP Sites to Your Server: Describes the process of adding a new FTP site to a server running IIS.
Securing FTP Sites: Describes some of the misconceptions about FTP security and how to establish a secure FTP site.
Isolating FTP Users: Describes the concept of FTP user isolation and which type of isolation to use to restrict users to their own directories.