Configuring Automatic Updates Through Group Policy

The Automatic Updates client will, by default, connect to the Microsoft Windows Update server. After you have installed WSUS in your organization, you can direct Automatic Updates to connect to specific intranet WSUS servers by configuring the registry of clients manually or by using Windows Update group policies. To configure Automatic Updates using GPOs, open a GPO and navigate to the Computer Configuration Administrative Templates Windows Components Windows Update node. The Windows Update...

Per Device or Per User Licensing

The Per Device or Per User licensing mode varies from the Per Seat scheme of previous versions of Windows. In this new mode, each device or user that connects to a server requires a CAL, but with that license, the device or user can connect to a number of servers in the enterprise. Per User or Per Device mode is generally the mode of choice for distributed computing environments in which multiple users access multiple servers. Note The licensing tools and the user interface do not yet...

Lesson Restoring Data

In conjunction with the design of a backup strategy, you must create and verify restore procedures to ensure that appropriate personnel are knowledgeable in the concepts and skills that are critical to data recovery. This lesson will share the processes and options available for restoring data using the Backup Utility. After this lesson, you will be able to Restore data to its original location or to an alternate folder Configure restore options Estimated lesson time 10 minutes

Troubleshooting Lab

At 1 00 P.M. on Tuesday, a user in the Finance Department contacts you to let you know that he accidentally deleted some files from the Finance folder. You are confident that the backup procedure you established will help you recover the deleted files. However, you also want to ensure that you don't roll back any files that had been changed today, after the overnight backup job was executed. In this lab, you will simulate the workflow that creates such a scenario, and then you will recover the...

Exercise Modify Multiple User Objects Properties

Open Active Directory Users And Computers and navigate to the Contoso.com Employees OU. Select the Employees OU in the tree pane, which will list the user objects you created in Exercise 1 in the details pane. 2. Select Dan Holme's user object. 3. Hold the CTRL key and select Hank Carbeck's user object. 4. Click the Action menu, and then click Properties. 5. Notice the difference between the Properties dialog box here, and the more extensive properties dialog box you explored in Exercise 2....

Deleting and Disabling and Resetting Computer Accounts

Computer accounts, like user accounts, maintain a unique SID, which enables an administrator to grant permissions to computers. Also like user accounts, computers can belong to groups. Therefore, like user accounts, it is important to understand the effect of deleting a computer account. When a computer account is deleted, its group memberships and SID are lost. If the deletion is accidental, and another computer account is created with the same name, it is nonetheless a new account with a new...

Objective Questions

What is the difference between a Windows Device CAL and a Windows User CAL (Choose all that apply.) A. A Windows Device CAL allows a device, such as a workstation, to connect to a server regardless of how many users use that device. B. A Windows Device CAL allows a single user to connect to multiple servers so long as they use only a single workstation. C. A Windows User CAL allows a single user to access a server from multiple devices, such as workstations. D. A Windows User CAL allows a...

Case Scenario Exercise

You are configuring an update strategy for a network consisting of 1000 clients running a mix of Windows XP and Windows 2000. Your goal is to prevent users from downloading updates directly from Microsoft Update and to create a structure in which you can approve critical patches and security rollups for distribution. You have recently purchased desktops and laptops, and you have applied the corporate standard image to those systems. Unfortunately, the image was created a while ago. The Windows...

Introducing Microsoft Windows Server

This chapter does not cover specific exam objectives. After introducing the Microsoft Windows Server 2003 family of products, this chapter covers some installation and configuration considerations with a focus on what you need to know for the 70-290 certification exam. The purpose of this book is to empower you to manage and maintain a Microsoft Windows Server 2003 environment, and to prepare you effectively for the 70-290 certification examination. Although it is assumed that you have...

Exercise Configuring NTFS Permissions

Open the c docs folder that you shared in Lesson 1's practice. 2. Create a folder called Project 101. 3. Create domain local security groups to manage access to the folder. Using Active Directory Users And Computers, create the following domain local security groups in the Security Groups OU Project 101 Contributors and Project 101 Editors. 4. To manage access using these groups, add global groups representing employee roles to the two domain local groups you just created. Add the Project 101...

Page Lesson Review

You're administering a computer running Windows Server 2003 configured as a print server. Users in the Marketing group complain that they cannot print documents using a printer on the server. You view the permissions in the printer's properties. The Marketing group is allowed Manage Documents permission. Why can't the users print to the printer a. The Everyone group must be granted the Manage Documents permission. b. The Administrators group must be granted the Manage Printers permission. c....

Recovering from Device Disaster

Occasionally, when you install or upgrade a device driver, the device might not function properly or might cause conflicts with other devices on the system. Depending on the role of the device, the effect of the problem will range from annoying to catastrophic. A faulty configuration of a core system component, such as a video device, can render the computer unusable. Rolling back the driver, after all, is difficult if you cannot see the screen. Thankfully, there are many ways to recover from...

Creating User Objects with Active Directory Users And Computers

You can create a user object with the Active Directory Users And Computers snap-in. Although you can create user objects in the root of the domain or any of the default containers, it is best to create a user in an organizational unit, so that you can fully leverage administrative delegation and Group Policy Objects GPOs . To create a user object, select the OU or container in which you want to create the object, click the Action menu, then choose New and choose User. You must be a member of...

Reinstating Inheritance

Inheritance can be reinstated in two ways from the child resource or from the parent folder. The results differ slightly. You might reinstate inheritance on a resource if you disallowed inheritance accidentally or if business requirements have changed. Simply reselect the Allow Inheritable Permissions option in the Advanced Security Settings dialog box. Inheritable permissions from the parent will now apply to the resource. All explicit permissions you assigned to the resource remain, however....

Redirecting Print Jobs

If a printer is malfunctioning, you can send documents in the queue for that printer to another printer connected to a local port on the computer or attached to the network. This is called redirecting print jobs. It allows users to continue sending jobs to the logical printer and prevents users with documents in the queue from having to resubmit the jobs. To redirect a printer, open the printer's Properties dialog box and click the Ports tab. Select an existing port or add a port. The check box...

Ql

Table 4-1 summarizes the use of Windows Server 2003 domain groups as security principals group type security . Table 4-1 Security Group Scope and Membership Group Scope Members Can Include Group Can Be a Member of Windows 2000 native or Windows Server 2003 domain functional level domain Domain Local Computer accounts, users, global groups, Domain local groups in the same and universal groups from any domain domain. in the forest or any trusted domain. Domain local groups from the same domain....

Info

Caution If your computer is on a network, check with the network administrator before assigning a name to your computer. 21. In the Administrator Password text box and the Confirm Password text box, type a complex password for the Administrator account one that others cannot easily guess . Remember this password because you will be logging on as Administrator to perform most hands-on exercises. Important In a manual installation, Windows Server 2003 will not let you progress to subsequent steps...

Managing and Implementing Disaster Recovery

Disks will fail, files will be lost, and power supplies will fuse with a puff of smoke, a few sparks, and an acrid smell. Systems administrators should not wait for a disaster to occur before deciding on a course of action. Before disaster strikes, administrators should have planned and put in place the procedures that will restore system functionality as soon as possible. The first step in protecting data stored on Windows Server 2003 systems is to ensure that it is...

Approving Updates

Update management includes identifying, evaluating, and approving updates. You perform each of these tasks using the Updates page of the WSUS administration site. From the WSUS home page, click the Updates link in the top navigation bar. The Updates page, shown in Figure 9-4, appears. Figure 9-4 Updates administration page Figure 9-4 Updates administration page The list view in the top frame of the Updates page displays a subset of update metadata, including the update's title, classification,...

Managing and Maintaining a Server Environment

Managing a Microsoft Windows Server 2003 system requires an awareness of what is occurring on the system. The best place to find this information is in the event logs. The three main event logs that are on a Windows Server 2003 system are the System, Security, and Application logs. Event log views can be filtered so that only information in which the administrator is interested is displayed. Another part of server management is ensuring that relevant updates are downloaded and applied to the...

Using System Monitor and Performance Logs and Alerts

The System Monitor and Performance Logs And Alerts snap-ins, both of which are included in the Performance MMC, allow you to observe real-time performance of printers, log metrics for later analysis, or set alert levels and actions. System Monitor and Performance Logs And Alerts are discussed in detail in Chapter 12, Monitoring Microsoft Windows Server 2003. To add a counter to System Monitor, right-click the graph area and choose Add Counters. Select the performance object in this case Print...

Computers and Groups

Users need access to resources on the network to do their daily work but should not have access to unauthorized data. This access is gained by logging on to a computer that has access to the domain and then being acknowledged as a member of assigned groups in the domain. Permissions to resources can be set only for users, groups, and computers that are recognized by the domain. Creation of these user, group, and computer accounts can be done manually through tools provided in the Microsoft...

Configuring Audit Settings

To specify the actions you wish to monitor and track, you must configure audit settings in the file's or folder's Advanced Security Settings dialog box. The Auditing tab, shown in Figure 6-12, looks strikingly similar to the Permissions tab before it. Instead of adding permissions entries, however, you add auditing entries. Figure 6-12 Auditing tab of the Advanced Security Settings dialog box Figure 6-12 Auditing tab of the Advanced Security Settings dialog box Click Add to select the user,...

Navigating the MMC

Note that the console has a name and that there is a Console Root. This Console Root will contain any snap-ins that you choose to include. There are no items to show in this view, Each console includes a console tree, console menu and toolbars, and the details pane. The contents of these will vary, depending on the design and features of the snap-in you use. Figure 2-2 shows a populated MMC with two snap-ins loaded. Figure 2-2 A populated MMC Using the MMC...

Event Log Retention Settings

On the General tab of each log's Properties dialog box shown in Figure 12-1 , you can specify the maximum size of the log and its behavior when the log reaches its maximum size. The available log retention options are as follows C W 1N DO'WS System32 conFig Sec Event. Evt Monday. November 25. 2DD2 9 38 56 AM Maximum log size 512 Kl When maximum log size is reached Ovefwrite events as needed C Ovefwrite events older than p C Do not ovefwrite events clear log manually Maximum log size 512 Kl When...

The Access Control List Editor

As in earlier versions of Windows, security can be configured for files and folders on any NTFS volume by right-clicking the resource and choosing Properties or Sharing And Security then clicking the Security tab. The interface that appears has many aliases it has been called the Permissions dialog box, the Security Settings dialog box, the Security tab, or the Access Control List editor ACL editor . Whatever you call it, it looks the same. An example can be seen on the Security tab of the Docs...

Recognizing Computer Account Problems

Computer accounts and the secure relationships between computers and their domain are robust. However, certain scenarios might arise in which a computer is no longer able to authenticate with the domain. Examples of such scenarios include After reinstalling the operating system on a workstation, the workstation is unable to authenticate even though the technician used the same computer name. Because the new installation generated a new SID and the new computer does not know the computer account...

Managing and Maintaining Physical and Logical Devices

One of the primary responsibilities of the systems administrator is to ensure that the physical and logical devices on the servers are correctly managed and maintained. A physical device is hardware that can be touched a network card, a graphics adapter, or a Small Computer System Interface SCSI hard disk drive. A logical device is one that has been created by the operating system. Partitions, volumes, and striped disks are examples of logical devices. The disk management console gives the...

Setting Up a Printer Pool

A printer pool is one logical printer that supports multiple physical printers, attached to the server, attached to the network, or a combination thereof. When you create a printer pool, users' documents are sent to the first available printer the logical printer representing the pool automatically checks for an available port. Printer pooling is configured from the Ports tab of the printer's Properties dialog box. To set up printer pooling, select the Enable Printer Pooling check box, and then...

Q

Extended partition A basic disk may also contain an extended partition. Unlike primary partitions, extended partitions are not formatted or assigned drive letters. Instead, extended partitions are further divided into logical drives. Logical drives are logical volumes on a basic disk. In earlier versions of Microsoft operating systems, including Microsoft Windows 95, Windows 98, and MS-DOS, the operating system could only see the primary partition on which it was installed, plus the extended...

Roaming User Profiles

If users work at more than one computer, you can configure roaming user profiles RUPs to ensure that their documents and settings are consistent no matter where they log on. RUPs store the profile on a server, which also means that the profiles can be backed up, scanned for viruses, and managed centrally. Even in environments where users do not roam, RUPs provide resiliency for the important information stored in the profile. If a user's system fails and must be reinstalled, an RUP will ensure...

Key Terms

Last Known Good Configuration A driver rollback requires logon, whereas a logon invalidates Last Known Good Configuration. Roll Back Driver and Last Known Good Configuration both revert to a previous configuration of a device driver. Last Known Good Configuration reverts to the previous configuration of all devices and services. Safe mode vs. Last Known Good Configuration Logging on in Safe mode loads a minimal set of drivers but will not reset any drivers, whereas the Last...

Configuring Printer Properties

Printer Properties General

After installing the logical printer, you can configure numerous properties by opening the printer's Properties dialog box, shown in Figure 8-2. The General tab allows you to configure the printer name, location, and comments, all of which were initially configured based on your responses to prompts in the Add Printer Wizard. Figure 8-2 The General tab of a printer's Properties dialog box Figure 8-2 The General tab of a printer's Properties dialog box The Sharing tab shown in Figure 8-3 allows...

Using WMIC in Monitoring

With WMI running on a computer, and sufficient administrative credentials owned by the user running WMIC, local or remote monitoring of a computer is available at the command line. In noninteractive mode, multiple commands can be contained in a batch file that is run either manually or on an automated schedule. These WMIC commands can be output to a CSV file, text file, or HTML page to be viewed and analyzed. Following are examples of common monitoring scenarios and output that illustrate the...

Configuring Multiple Logical Printers for a Single Printer

Although a printer pool is a single logical printer that supports multiple ports, or printers, the reverse structure is more common and more powerful multiple logical printers supporting a single port, or printer. By creating more than one logical printer directing jobs to the same physical printer, you can configure different properties, printing defaults, security settings, auditing, and monitoring for each logical printer. For example, you might want to allow executives at Contoso, Ltd. to...

Understanding Effective Permissions

The rules that determine effective permissions are as follows File permissions override folder permissions. This isn't really a rule, but it is often presented that way in documentation, so it is worth addressing. Each resource maintains an ACL that is solely responsible for determining resource access. Although entries on that ACL might appear because they are inherited from a parent folder, they are nevertheless entries on that resource's ACL. The security subsystem does not consult the...

Evaluating Effective Permissions

Complexity is a possibility, given the extraordinary control over granular permissions and inheritance that NTFS supports. With all those permissions, users, and groups, how can you know what access a user actually has Microsoft added a long-awaited tool to help answer that question. The Effective Permissions tab of the Advanced Security Settings dialog box, shown in Figure 6-8, provides a reliable approximation of a user's resulting resource access. Figure 6-8 The Effective Permissions tab of...

Creating a Preconfigured Default Profile

In our introduction to user profiles, we indicated that when a user logs on to a system for the first time, if that user does not have a roaming user profile or if the folder to which that user's roaming user profile is configured is empty, the system copies its Default User profile as the basis for the user's initial profile. Therefore, if you wish to customize the initial environment for all users logging on to a system, you must customize the Default User profile on that system. To do so,...

Configuring Windows Server Update Services Settings

Although you can specify some of the configuration of WSUS during a custom installation, all WSUS settings are accessible from the WSUS administration Web page. From the Windows Server Update Services administration page, click Options in the top navigation bar. Then click the Synchronization Options link. The settings on the Synchronization Options page are easiest to understand if we categorize the issues you will be addressing through your choice of configuration. From where does this WSUS...

Create and Manage User Accounts

User accounts can be added individually through the Active Directory Users And Computers snap-in or through the Directory Service command-line tool Dsadd. These tools are preferred and sufficient for single accounts. Active Directory Users And Computers is also the easiest tool for managing the properties of user accounts because it presents a common and usable interface to these properties. The Directory Service command-line tools are better suited for mass manipulation of the properties of...

Administering Site Licensing

The License Logging service, which runs on each computer running Windows Server 2003, assigns and tracks licenses when server resources are accessed. To ensure compliance, licensing information is replicated to a centralized licensing database on a server in the site. This server is called the site license server. A site administrator, or an administrator for the site license server, can then use the Microsoft Licensing tool in Administrative Tools program group to view and manage licensing for...

Practice Recovering from System Failure

In this practice, you will back up the System State and create an Automated System Recovery Set. You will also install and use the Recovery Console to troubleshoot driver or service failures. Finally, if you have access to a second physical disk drive, you will be able to perform Automated System Recovery to restore a failed server. Exercise 1 Back Up the System State 1. Log on to Server01 as Administrator. 3. If the Backup And Restore Wizard appears, click Advanced Mode. 4. Click the Backup...

Questions and Answers

On a Domain Controller running DNS, what logs will Event Viewer display by default What are these logs, and what data do they collect Application Developers of an application can program their software to report configuration changes, errors, or other events to this log. System The Windows Server 2003 operating system will report events service start or abnormal shutdown, device failures, and so on to this log. The events reported to this log are preconfigured. Security Logon and resource...

Users At Contoso Ltd. Use Microsoft Office Applications To Access Resources On Server01. Your Job Is To Monitor

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the Questions and Answers section at the end of this chapter. 1. Which of the following must be done to generate a log of resource access for a file or folder Select all that apply. a. Configure NTFS permissions to allow the System account to audit resource access. b....

Configuring and Administering WSUS

You will perform five categories of administrative tasks related to supporting WSUS servers configuring settings, synchronizing content, approving updates, managing computer groups, and reporting update status. You perform these tasks using the WSUS Administration Web site, shown in Figure 9-2, which you can access by navigating to http WSUS_servername WSUSAdmin with Internet Explorer 5.5 or later. The administration of WSUS is entirely Web-based. The home page of the WSUS administration site...

Exercise Using Ldifde to Create a Group

In this exercise, you will use Ldifde to add a group named Management to the Marketing OU of contoso.com. 1. Start a text editor, such as Notepad, and create a text file named Newgroup.ldf. Save the file as an LDIF file, not as a text file. 2. Edit the LDIF file Newgroup.ldf, and add the following text dn 3. Save and close the LDIF file. 4. Open a Command Prompt, type the following command, and then press Enter ldifde -i -f newgroup.ldf -s server01 Tip Watch for extra white space tabs, spaces,...

Remote Control

Terminal Server allows an administrator to view or take control of a user's session. This feature not only allows administrators to monitor user actions on a terminal server, but also acts like Remote Assistance, allowing a help desk employee to control a user's session and perform actions that the user is able to see as well. To establish remote control, both the user and the administrator must be connected to terminal server sessions. The administrator must open the Terminal Server Manager...

Using Ldifde

The Ldifde command allows you to import and export accounts using Lightweight Directory Access Protocol LDAP file formats. It is explained in the Windows Help And Support Center search for Ldifde . Figure 4-3 lists the primary commands used with Ldifde displayed by typing ldifde at the command prompt. -f filename Input lt -s servername The se -c FromDN ToDN Replao -d RootDN -r Filter -p SearchScope -1 list Turn on Import Mode The default is Export gt Input or Output filename The server to bind...

Managing User Logon Hours

You can configure a user account to permit or deny logon during a particular time period using the Logon Hours button on the user's Account properties page, shown in Figure 3-4. If a user attempts to log on to a system when logon is denied, the user receives an error message, as shown in Figure 3-13. The user will not be able to log on to a computer during denied hours. CapyHflhUl 19 5 S02 UlcroBaR Cnrporrtlmi ite OBOt Your account has time restrictions that prevent you from logging on at this...

Unlocking a User Account

Account Lockout Error Message

The account lockout policy requires that when a user has exceeded the limit for invalid logon attempts, the account is locked and no further logons can be attempted for a specified period of time or until an administrator has unlocked the account. If a user account is locked out, the user will receive a specific error message at logon, as shown in Figure 3-7. Figure 3-7 Logon message indicating the user's account is locked out Figure 3-7 Logon message indicating the user's account is locked out...

Managing and Maintaining Access to Resources

Access to resources requires proper identification and proper permissions. There is no additional configuration to be done to access files across a network than to make sure that the resource is accessible shared and that the user has appropriate permissions to accomplish the desired action read, write, delete, and so on . This transactional process of analyzing the user's access token involves reading the entries on the access control list ACL of the resource and comparing the list with the...

Lesson Maintaining Disk Storage Volumes

Windows Server 2003 disk volumes are efficient and stable if formatted with NTFS, but somewhat less so when formatted with FAT or FAT32. The NTFS file system logs all file transactions, replaces bad clusters automatically, and stores copies of key information for all files on the NTFS volume. With these mechanisms, NTFS actively protects the integrity of the volume structure and the file system metadata the data related to the file system itself . User data, however, can occasionally be...

Creating Groups with Dsadd

The Dsadd command, introduced in Chapter 3, is used to add objects to Active Directory. To add a group, use the syntax The GroupDN parameter is one or more distinguished names for the new user objects. If a DN includes a space, surround the entire DN with quotation marks. The GroupDN. parameter can be entered one of the following ways By piping a list of DNs from another command such as dsquery. By typing each DN on the command line, separated by spaces. By leaving the DN parameter empty, at...

Managing User Sessions

A variety of settings determine the behavior of a user session that has been active, idle, or disconnected for a time. These settings can be configured in the Sessions tab of the RDP-Tcp Properties dialog box in the Terminal Services Configuration console, shown in Figure 2-22. The settings can also be configured with Group Policy. Remote Control Client Settings Network Adapter Permissions General Logon Settings Sessions Environment Use this tab to set Terminal Services timeout and reconnection...

Points of Administration

Rdp Tcp Properties General Tab

There are several processes that occur as a user connects to a terminal server and at each step, there are opportunities to configure the behavior of the connection. The Remote Desktop Connection client allows 32-bit Windows platforms to connect to a terminal server using the Remote Desktop Protocol RDP . The client has been greatly improved over earlier versions of the Terminal Services client and now includes a wider variety of data redirection types including file system, serial port,...

Importing User Objects Using Csvde

Occasionally, situations arise that require you to create multiple objects quickly, such as a new class of incoming students at a school or a group of new hires at an organization. In these situations it can be helpful to import the accounts from existing data sources so that you do not approach the task on an account-by-account basis. Csvde is a command-line utility that allows you to import or export objects in Active Directory from or to a comma-delimited text file also known as a...

Changing or Removing Computer Restrictions

Computer restrictions, introduced in Lesson 1, limit the computers to which a user may log on. By default, users may log on to any workstation in the domain. They can be restricted by clicking the Log On To button in the Account tab of the user Properties dialog box, shown in Figure 3-4. If a user who has computer restrictions configured attempts to log on to a computer that is not allowed by computer restrictions, the user will receive the message illustrated in Figure 3-10. To troubleshoot...

Manage Backup Procedures

When the System State data is backed up, the following items are written to the backup set System's Registry, COM Class Registration database, boot files, and system files that are protected by the Windows File Protection service. Depending on which services have been installed on the Windows Server 2003 system, System State data can also include the Certificate Services database, Active Directory and the Sysvol folder on a domain controller, cluster service information on a cluster server, and...

Recovering from Mirrored Disk Failures

The recovery process for a failed disk within a mirrored volume depends on the type of failure that occurs. If a disk has experienced transient I O errors, both portions of the mirror will show a status of Failed Redundancy. The disk with the errors will report a status of Offline or Missing, as seen in Figure 11-8. Figure 11-8 A mirrored volume with a failed disk Figure 11-8 A mirrored volume with a failed disk After correcting the cause of the I O error perhaps a bad cable connection or power...

Recovery Console

The Recovery Console is a text-mode command interpreter that allows you access to the hard disk of a computer running Windows Server 2003 for basic troubleshooting and system maintenance. It is particularly useful when the operating system cannot be started because the Recovery Console can be used to run diagnostics, disable drivers and services, replace files, and perform other targeted recovery procedures. You can start the Recovery Console by booting with the Windows Server 2003 CD-ROM and,...

Preventing Users from Logging On with Cached Credentials

When a user logs on successfully to a Windows operating system, the computer caches the user's credentials including the user's username and password . This allows the user to log on even if the computer cannot contact a domain controller, which has obvious value for laptop users who work offline. In certain environments, or on certain systems, you might wish to prevent users from logging on with cached credentials in other words, require their computers to be connected to the network and to be...

Exercise Verify Backup and Restore Procedures

To verify backup and restore procedures, many administrators will perform a test restore of a backup set. To avoid damaging production data, that test restore is targeted not at the original location of the data, but at another folder, which can then be discarded following the test. In a production environment, your verification should include restoring the backup to a standby server, which would entail making sure that the backup device that is, the tape drive is correctly installed on a...

Automated System Recovery

Windows Server 2003 Asr Wizard Screen

Recovering a failed server has traditionally been a tedious task involving reinstallation of the operating system, mounting and cataloging the backup tape, then performing a full restore. Automated System Recovery makes that process significantly easier. Automated System Recovery requires you to create an ASR set, consisting of a backup of critical system files, including the registry, and a floppy disk listing the Windows system files that are installed on the computer. If the server ever...

Dsquery

The Dsquery command queries Active Directory for objects that match a specific criteria set. The command's basic syntax is dsquery object_type StartNode forestroot domainroot -o dn rdn samid -scope subtree onelevel base -name Name -desc Description -upn UPN -samid SAMName -inactive NumberOfWeeks -stalepwd NumberOfDays -disabled -s Server -d Domain -u UserName -p Password As you can see, there are numerous parameters and options for each parameter. In fact, there are even more than the common...

Device Redirection

Local Printers Installed Rdp Session

Once a user has successfully connected, Windows Server 2003 and the Remote Desktop client provide a wide array of device redirection options, including Audio redirection, which allows audio files played within the Terminal Server session to be played by the user's PC. This feature is specified on the Local Resources tab of the Remote Desktop Connection client, as shown in Figure 2-12. However, audio redirection is disabled by default in the Client Settings tab of the RDP-Tcp Properties dialog...

How WMI Works

Described briefly, WMI sources of information providers output information about their components devices, services, applications, and so on to the WMI Object Manager, which enters the information into the WMI database repository . Depending on what is accepted as input and returned as output by each provider, administrators will be able to use methods to manipulate the components, set properties, and configure events that can alert administrators to changes in the components. The WMI...

Account Properties

Of particular note are the user's account properties in the Account tab of the user's Properties dialog box. An example appears in Figure 3-4. Membei Of Dial-in Environment Sessions Remote control Teiminal Services Profile C0M General Address Account J Profile Telephones Organization Membei Of Dial-in Environment Sessions Remote control Teiminal Services Profile C0M General Address Account J Profile Telephones Organization JI Account is locked out Account options 1 Store password using...