Finding Groups on the Global Catalog Server

By default, when you use dsquery.exe group to search for groups, only the domain partition of your domain is searched. Use the gc option to search the global catalog server.The following example shows the previous examples modified to search the global catalog server. dsquery group -desc Microsoft Trainers -gc dsquery group -desc *trainers* -gc dsquery group -name authors -gc dsquery group -name a* -gc dsget group displays the properties of groups in Active Directory. There are two variations...

Vkq

Server roles are a new concept in Windows Server 2003. Even though you might not use the Configure Your Server wizard to implement them, make sure that you are familiar with the different roles. Practice installing and configuring them. Use the file server role to configure disk quotas for users, run the indexing service to make searching for files faster, share folders using the Share a Folder Wizard, and install the File Server Management MMC. A quirk of installing the file server role is...

Using the Performance Utility to Monitor Performance

The main utilities that monitor performance are the System Monitor and the performance logs. These tools provide a graphical user interface to analyze performance data. We will also investigate the command-line tools available in Windows Server 2003.We'll start with the System Monitor. The System Monitor is the primary tool for monitoring system performance. In Windows NT 4.0, it was called the Performance Monitor in Windows 2000, Microsoft changed the name to System Monitor, within the...

Info

Eventtriggers.exe is a tool used to configure and manage triggers on event logs. A trigger is a mechanism that initiates a new process or action when a threshold is met. For example, you can configure triggers on event logs to prevent the logs from filling all the available eventtriggers.exe is a tool used to configure and manage triggers on event logs. A trigger is a mechanism that initiates a new process or action when a threshold is met. For example, you can configure triggers on event logs...

Understanding Windows Terminal Services

The Microsoft Terminal Services feature has evolved and undergone major changes since Microsoft first licensed the technology from Citrix. In the beginning, using Terminal Services required purchasing a separate operating system (Windows NT 4.0 Terminal Server Edition). In Windows 2000, it was included with the Server products, but it was a component that required separate installation. In Windows Server 2003, the core service is installed with the operating system. This is to enable...

Using Command Line Tools

Windows Server 2003 also comes with a set of command-line tools to monitor performance monitoring.We investigate perfom.exe, logman.exe, relog.exe, and typeperf.exe tools in this section.You can use command-line tools to monitor performance locally or on a remote computer. The logman.exe command-line utility manages and schedules performance counters.You can also use it to manage and schedule trace logs.You can use this utility on a remote computer provided you have the proper administrator...

Using ADUC to Create Computers

Open Active Directory Users and Computers (Start Programs Administrative Tools Active Directory Users and Computers). 2. Right-click the domain or OU where you want to create a computer account, as shown in Figure 4.56. Figure 4.56 Creating a New Computer Account Figure 4.56 Creating a New Computer Account 3. Click New from the pop-up menu. 4. Click Computer from the pop-up menu. This gives you the window shown in Figure 4.57. 5. Type the name for the computer account in the Computer name...

Managing Security Identity Mappings

You can map an Active Directory user account to a Kerberos Name to be used in a trusted non-Windows Kerberos realm. Active Directory also supports mapping user accounts to X.509 Certificates as shown in Figure 4.30.You have three options when mapping X.509 certificates Map the certificate to one account. This is known as a one-to-one mapping. Map any certificate with the same subject to the user account, regardless of the issuer of the certificate. This is known as a many-to-one mapping. Map...

Creating and Managing Computer Accounts

You have a laptop that you want to join to the domain.Which of the following tools will enable you to create a machine account in Active Directory for your laptop (Choose all that apply). B. Active Directory Users and Computers C. Active Directory Domains and Trusts 0 dsadd.exe creates Active Directory objects (such as computers) from the command line. Active Directory Users and Computers creates Active Directory objects (such as computers) from the GUI. Therefore Answers A and B are...

Creating and Managing Group Accounts

You have a multiple domain forest.You want to use groups to assign permissions to shared resources in a single domain to users through the forest.You will then grant permissions to the network resources by adding users or other groups into these groups. Which group scope should you use 0 Domain local groups can contain other domain local groups in the same domain, global groups from any domain, universal groups from any domain, user accounts from any domain, and computer accounts from any...

Tas

0 whoami.exe displays information such as group membership, SID, and allowed privileges for the currently logged-on user, therefore Answer D is correct. 0 Answer A is incorrect, because dsquery.exe queries Active Directory for all objects that match the specified criteria. Answer B is incorrect, because dsmove.exe moves objects in Active Directory. Answer C is incorrect, because gpresult.exe displays Resultant Set of Policy (RSoP) about users and computers.Answer E is incorrect, because...

Troubleshooting Hardware Devices

You have recently installed an additional network card into your server for users on a new network segment to access the resources. One of the support analysts calls you several weeks later to tell you that users on that network segment cannot access the server.You use Remote Desktop to access the console from one of the other segments. Opening the command prompt you run ipconfig to see that the device is not listed. What should you do A. Configure the network interface to use static...

Monitoring Server Hardware

You have recently installed a new non-PNP device using the Add New Hardware Wizard.You need to configure some resource settings in the device driver but you are unable to find it in Device Manager.You verify that the device is attached and working.You need to complete this task with the least administrative effort. How can you gain access to the device properties A. Restart the system with the Recovery Console. B. Restart the system in Safe Mode. C. Select Resources by Type in Device Manager....

Understanding Server Hardware Vulnerabilities

You are attempting to play an audio file using Windows Media Player on a server running Windows Server 2003.Windows Media Player tells you that the sound device is not working.What could be the cause of the problem A. Your audio file is the incorrect format. B. The speakers attached to the system are not turned on. C. Sound devices are not enabled by default. D. You need to upgrade the version ofWindows Media Player 0 Sound devices are not installed by default on Windows Server 2003 systems,...

Troubleshooting Disks and Volumes

Your company has recently merged with another company named Novig.As part of the merger you are responsible for migrating all of Novig's e-mail to your Exchange servers.You do not want to migrate the mail across the WAN link, because it would be very slow.You send someone to pick up Novig's Exchange server and bring it to you so you can do the migration locally. However, when you turn on the server it has problems starting Exchange. You look in Disk Management (Figure 2.118) and see that...

Understanding and Using Remote Storage

You have a server running Remote Storage on Windows 2000 Server.You need to upgrade the server to Windows Server 2003.You want it to continue to run Remote Storage after the upgrade.Which version of Windows Server 2003 should you upgrade to 0 When upgrading from Windows 2000 Server to Windows Server 2003, you must upgrade to either Standard Edition or Enterprise Edition. Standard Edition does not support remote storage, but Enterprise Edition does, making Enterprise Edition (Answer C) the...

Optimizing Disk Performance

You use Disk Defragmenter to run an analysis at lunch to determine if you need to defragment your servers.The report states that your disk is extremely fragmented and suggests that you run a defragmentation.You don't want to do it during the day due to performance rea-sons.You come in after hours to run your defragmentation, but you get the error message shown in Figure 2.117 every time you open Disk Defragmenter.What could be the cause of your problem Figure 2.117 Running Disk Defragmenter...

Raid

0 A spanned volume (Answer B) provides a 100-percent drive utilization and enables you to combine different-sized disks into one volume. 0 Answer A is incorrect because you want to store everything on one share. If you used simple volumes you would have four different drives and each one would be shared out separately. Answer C is incorrect because a striped volume requires that all disks have the same amount of unallocated space. Because all our disks are different sizes, a striped volume...

Understanding and Managing Physical and Logical Disks

Users have been complaining that printing is slow.Your print server is currently using basic disk. All spooling takes place on a primary partition.You want to create a dynamic volume to see if it increases your performance.Which of the following volume types should you create 0 A striped volume (Answer C) provides the fastest read and write access of all the dynamic volumes. 0 Answer A is incorrect because a simple volume would not have any better performance than the primary partition you are...

Using Disk Management Tools

You add two new SCSI drives to your test server.You decide that you want to use diskpart.exe to create a new volume on each drive. Every time you type a command you get a message back saying that no disk is selected.What is the cause of your problem A. You need to set diskpart.exe to focus on a disk. B. You need to go into the disk management MMC and enable the ability to use diskpart.exe. C. You are having hardware problems with your new disks. D. Diskpart.exe does not work with SCSI disks. 0...

Installation and Upgrade Issues

You have three Windows 2000 servers that need to be upgraded to Windows Server 2003. Two of your servers are running Windows 2000 Advanced Server, and one is running Windows 2000 Server. All three servers need to be running Windows Server 2003 Standard Edition. Which of the following steps should you perform (Choose two answers.) A. Upgrade the servers running Windows 2000 Advanced Server to Windows Server 2003 Standard Edition. B. Upgrade the server running Windows 2000 Server to Windows...

Licensing Issues

Your company is open 24 hours a day, seven days a week. Everyone works eight-hour shifts and there are three shifts. All three shifts share the same computers. Over the next six months, you will be rolling out Windows Server 2003 and Windows XP.Your company has 1,500 workstations, 4,500 users, and 50 servers.Which licensing model should you use D. External Connector licensing 0 Answer B is correct. In this scenario, you have fewer users than machines, making Per Device licensing the most...

The Windows Server Family

Your company has decided to get rid of all their fax machines. Now, instead of each department having its own fax machine, everyone will share the same fax server. This fax server will allow you to send and receive faxes from within Outlook. Faxing is an important aspect to company business, so you have been tasked with making the Exchange e-mail servers as fault tolerant as possible.You decide to put in a two-node Windows Server 2003 cluster. Each node will have four processors and 2GB of...

Self Test Questions Answers and Explanations

This appendix provides complete Self Test Questions, Answers, and Explanations for each chapter. Chapter 1 Overview of Windows Server 2003 1. Your company has decided to put in a Windows-based Network Address Translation (NAT) server.Your boss wants to use Windows 2000 if possible because you already own a license for it.You have been tasked with determining ifWindow 2000 will suffice, or if you need to go with Windows Server 2003.Which of the following required protocols will help you...

Self Test

Defining and Understanding Disaster Recovery 1. A small company uses a single Windows Server 2003 machine to provide resources and services to users of the network. During a power failure, the drivers for the network card and graphics card for this server are corrupted.You want to connect to this server remotely so that you can repair the damage. Which of the following will you use to fix these problems 2. You are using the Special Administration Console to repair a Windows Server 2003 computer...

Exam Objectives Fast Track

Defining and Understanding Disaster Recovery 0 A disaster recovery plan provides procedures for recovering from a disaster after it occurs and addresses how to return normal Information Technology functions to the business. 0 Best practices should be followed when developing a disaster recovery plan. These include developing and implementing a backup plan, keeping installation CDs handy, using Emergency Management Services, installing the Recovery Console as a startup option, and specifying...

Summary of Exam Objectives

Disasters can occur at any time, and can result from any number of causes. To prevent disasters from causing extensive damage, you need to identify the types of disasters that can affect your business, and then implement plans and policies to deal with them effectively. Such plans include information on how to perform backups and restore data, recover from server problems, and address other issues that can make the business unable to function. Windows Server 2003 provides a number of tools that...

Understanding Access Control

A user attempts to open a file on the network. The user is not listed explicitly in the SACL for the file or its containing folder, nor are any of the groups to which the user belongs. What happens when the user attempts to open the file A. The user is denied access to the file. B. The user is granted access to the file and an audit is triggered upon access. C. The user is granted access to the file and no audit is triggered. D. The user is granted read-only access to the file. 0 Answer C is...

Using Management Tools

You are a consultant and you work for several companies at one time.You keep your laptop in a workgroup because you are at a different company every day.You want to use Stored Usernames and Passwords to add credentials for each of the companies' domains so that you don't have to manually authenticate every time you map drives and print. Which tool would you use 0 cmdkey.exe manages Stored Usernames and Passwords from the command prompt, therefore Answer F is correct.To add a set of credentials,...

Domain Recovery Policies

You can control the EFS environment for your organization through Group Policy. Domain-level Group Policy settings can enforce a recovery policy, specify recovery agents for the domain, and restrict users in the domain from using EFS altogether. To view or configure EFS settings in the domain, follow these steps 1. Open Active Directory Users and Computers. 2. Right-click the appropriate domain and select Properties. 4. Select the appropriate policy object from the list and click Edit. 5....

Recovering from Server Hardware Failure

Recovering from disasters isn't limited to being able to restart the server or restore deleted files. Anyone who's ever had hard disks fail and lost important data can testify to the importance of a computer's capability to recover from hardware failure. Similarly, if a server becomes unavailable due to a major problem, network users are unable to access resources. To deal with the possibility of hardware failure,Windows Server 2003 natively supports different methods of recovery, including the...

Installing and Configuring Server Hardware Devices

You have recently installed a new device into the system.You cannot locate an entry for the device in Device Manager, nor have you been prompted to install device drivers at any A. Use Windows Update to locate and install an updated version of the device driver. B. Copy the device drivers to a directory in the device driver search path. C. Use the Add New Hardware Wizard to install the device drivers. D. Change the Driver Signing Policy options from Ignore to Warn. 0 The device is a...

Using Group Policy to Set User Rights

You have read several times in this chapter that you should apply security configurations to groups and not to users. This holds true for user rights as well. Wherever possible, user rights should be granted to a group and not an individual user object. If you are logged on to a domain controller, the most direct way to assign user rights is through the Domain Controller Security Policy.You can find the link to this in the Administrative Tools folder, either in the Control Panel folder or in...

Creating and Managing User Accounts

You have an administrator named Jeff who cannot log on to any of the servers.You are able to log on to all the servers with no problem. Jeff can log on to his two workstations without any problems.You verify that Jeff has the correct rights to log on to the servers.You think that someone has changed the properties ofJeff's user account to play a joke on him.What could be the cause of the problem A. Jeff's log-on hours have been changed. B. Jeff's log-on workstations have been changed. C. Jeff's...

New Security Features

IIS 5.0 and earlier versions were constantly patched up by HotFixes from Microsoft. IIS was once considered one of the main security holes in Windows architecture. This was a major deterrent to using IIS as a commercial Web server. IIS 6.0 comes with an impressive list of new security features designed to win back commercial users.You will learn about these new features in the next sections. Advanced Digest authentication is an extension of Digest security. Digest security uses MD5 hashing to...

Eventcreateexe

The eventcreate.exe utility creates an event in a specified event file.The valid event files are Application and System logs.You cannot enter events in the Security log with this utility. You must have administrator access to use this utility to enter entries into the application and system logs. The Application log is the default log file for this utility. The log file in which the event is to be entered is specified by using the l switch.The syntax for the command is shown below.The available...

Becoming Familiar with Using Command Line Tools

Before we dive into the various commands, we'll cover command-line syntax in general. If you are a pro at using command-line tools, you may want to skip ahead to the next section (Using dsadd.exe), because you may find this section fairly basic. For the rest of you, we hope this will make using command-line tools a joy instead of a burden. Using command-line tools can be difficult at times. The sticking point for most people isn't figuring out which tool to use. The problem is making sense of...

Specify Group Policy

Click Start Run and type mmc to open an empty management console. 2. Select Add Snap in from the File menu and click Add. 3. Select Group Policy Object Editor and click Add. 4. In the Select Group Policy Object dialog box, click the Browse button to select the correct GPO for the domain or organizational unit. The GPO opens in the Group Policy Object Editor. 5. To specify the file auditing policy, navigate to the Computer Configuration Windows Settings Security Settings File System node in the...

Understanding Event Logs

In this section, we discuss the Event Viewer format and examine the way information is presented in each log. Every event log entry is comprised of several pieces of information. These components are listed in Table 9.5. All of these components can be enabled or disabled by using the View Add Remove Columns menu item. Table 9.5 Columns Available in Event Logs Column Name Description The date the event occurred. This is stored in Universal Time Coordinate (UTC) format, but the date is displayed...

Using Terminal Services Administrative Tools

0 Terminal Services Manager is the primary session management tool. It enables an administrator to monitor, connect to, disconnect from, log off, remotely control, and reset sessions. 0 The Terminal Services Configuration utility is used to create listener (RDP-Tcp) connections on the server and configure server settings that apply to all users who use a particular connection. There can only be one listener connection bound to each network card. 0 Connections can be used to control a wide range...

Iisvdirvbs

The iisvdir.vbs command enables us to create virtual directories for a specific Web site.We can use create, delete, and query switches on this script. It is important to clarify that this command does not generate any new code or physical directories. This command will basically instruct the IIS configuration to point at existing directories and refer to it as a local directory of the Web site. This switch will create a new virtual directory. The following example illustrates the syntax. Table...

Understanding the Interaction of Share Permissions and NTFS Permissions

When a user accesses data through a file share, the share permissions and NTFS permissions both impact the level of access the user has to the files and folders in the share. The user access level is determined by the more restrictive access defined by the total cumulative permissions in either the share or NTFS security. This is easy to understand if the NTFS permissions are more limited, but many new system administrators can get confused when the share permissions are more limited.You need...

Uva

You have recently installed an additional network card into your server for users on a new network segment to access the resources. One of the support analysts calls you several weeks later to tell you that users on that network segment cannot access the server.You use Remote Desktop to access the console from one of the other segments. Opening the command prompt you run ipconfig to see that the device is not listed.What should you do A. Configure the network interface to use static instead...

Understanding How Permissions Are Inherited

When setting NTFS permissions on a folder, those permissions are automatically transferred to all files and subfolders within the folder. This is by design otherwise, you would have to set permissions on every folder on the disk to control access, and that would place a huge burden on system administrators who would have to keep up with all the changes they would have to make each time some folder setting was modified. Say that you create a folder on your server and name it Public.You then...

Using cmdkeyexe

Cmdkey.exe enables you to manage Stored Usernames and Passwords from the command prompt. It displays, creates, and deletes stored usernames and passwords. cmdkey.exe uses the following syntax. (Table 4.4 displays the syntax for cmdkey.exe in detail.) CMDKEY add generic targetname smartcard user username pass password delete targetname ras list targetname Table 4.4 Understanding cmdkey.exe Syntax Table 4.4 Understanding cmdkey.exe Syntax Adds a username and password to the list. Adds generic...

Using New Command Line Tools

Windows Server 2003 introduces a number of command-line-based scripts to manage printers. If you have large numbers of printers on your network with many servers, using these new command-line scripts in batch files can save you a lot of time compared with using the graphical interface. The scripts are written in Visual Basic and have to be run in a command window using cscript, as in this example cscript prncnfg.vbs. It isn't necessary to include the .vbs extension. But using cscript is...

U

(UTF-8), 664 universal groups, 319, 320-323 determining changing, 343 using, 346 universal serial bus devices, support for introduced with Windows 95b, 7 UNIX, IIS troubleshooting and, 691 unreadable disk error message, 173 upgrading to Windows Server 2003, 52 benefits drawbacks of, 50-53 UPN name suffix, changing, 282 URL authorization, for IIS 6.0, 661 USB devices, support for introduced with Windows 95b, 7 user account extensions, 560-564 user accounts, 256, 277-317 creating automating for...

Working with Volume Shadow Copies

Volume shadow copies are used to provide copies of data at a given point in time. Users can view the contents of shared folders and see previous versions of data. This enables them to use these copies as if they were restoring a backup of data from an earlier time. When shadow copies are made of shared folders, there are a number of benefits. If a file was deleted or corrupted in some way, you can open the previous version and copy it to the original location or another location. This also...

The Client Settings

Remember that when you connect to a Terminal Services session, you are really working on the server. The desktop that is displayed on your local system reflects what is happening on the server.When you open Windows Explorer, the local drives displayed are actually the server's disk drives. The Client Settings tab contains a number of settings that can be used to make your local client resources (disk drives, printers, bar code scanner, etc.) also available from within your session. As with many...

Activating Windows Server

Unless you are using Volume Licensing for Windows Server 2003, you will at some point have to activate a server. You can activate over the Internet or via the phone. Use the following steps to activate over the Internet. These steps are based on using the new LUNA interface of Windows Server 2003. If you are using the classic Start menu, the first steps will differ. 3. Click on Activate Windows. This will open the Activate Windows screen as shown in Figure 1.14. 4. Select Yes, let's activate...

Using Emergency Management Services

Emergency Management Services (EMS) is a new feature in Windows Server 2003 that enables you to remotely manage a server when normal network connectivity has failed. Under normal conditions, you use the tools described in this and other chapters to manage your server either by being physically present at the server or over the network. However, what happens if the network crashes or the server doesn't boot properly Provided the server has the appropriate hardware and firmware, you can remotely...

W

WANs (wide area networks),Terminal Services and, 490 warnings, as event type, 760 WBEM (Web-Based Enterprise Management), 595 WBTs (Windows-based Terminals), 490 Web-Based Enterprise Management (WBEM), 595 Web browsers, managing servers remotely via, 591-593 Web Distributed Authoring and Versioning (WebDAV), 658 Web Edition (of Server 2003), 45 IIS and, 646 Web servers, managing with IIS 6.0, 645-719 Web Service Extensions, 650 configuring security settings for in IIS, 684-686 creating managing...

Using Control Panel Applets

Certain Control Panel applets expose hardware status information as you work with the functional properties that involve those devices. When it comes to actually managing the hardware side, these applets often bring you back to Device Manager's Properties dialog boxes to do actual management. Applets that involve this sort of functionality include Network Connections, Mouse (shown in Figure 3.16), Keyboard, Sounds and Audio Devices, and more. Figure 3.16 Mouse Control Panel - Hardware Tab

Exam Warning

Do not confuse striped volumes with RAID-5 volumes (formerly known as stripe sets with parity). Striped volumes (without parity) do not provide fault tolerance. Their purpose is to increase the speed of read and write access to a volume. Figure 2.6 Understanding Striped Volumes Disk 0 Disk 1 Disk 2 Disk 3 Figure 2.6 Understanding Striped Volumes Mirrored volumes require exactly two disks and these two disks should be identical. Not only should they be the same size, but Microsoft recommends...

Manage Software Site Licensing

Microsoft based the Windows Server 2003 licensing structure on Windows 2000's structure. However, they have changed some things.This section is not the end all be all when it comes to Microsoft licensing. This section is meant to serve as a guide on the basics of Windows Server 2003 licensing. To order licenses, contact your Microsoft Software Advisor. In the United States, call (800) 426-9400, or visit the Microsoft Licensing Program Reseller Web page In Canada, call the Microsoft Resource...

Public Key Cryptography

Public key cryptography is a significant improvement over secret key cryptography. In the secret key method, only one key is needed to encrypt and decrypt data, but both parties must have the secret key. Managing and keeping track of changes to secret keys is a difficult process, and whoever has a copy of the secret key, no matter how they acquired it, is able to decrypt any data encrypted with the secret key. In public key cryptography, a pair of keys are assigned to a user. These keys are the...

Ensuring Your Device Drivers Are Digitally Signed

Ongoing changes to the server environment bring the risk of critical system files being replaced. One of the advantages of using digitally signed device drivers is that there are several tools to help ensure that they remain intact on a continuous and on-demand basis. These tools include the following File Signature Verification tool Windows File Protection (WFP) helps protect critical system files from being replaced or corrupted by other processes. Protecting these files helps the system...

Rei

Access control, 409-485 how the process works, 412 terminology of, 411 troubleshooting, 444-447 guidelines for, 445 See also security reliability Access Control Entry (ACE), 411 Access Control Lists (ACLs), 661, 665 types of, 411 access tokens, 412 Account tab (ADUC tool), for user accounts, 282-285 ACE (Access Control Entry), 411 ACLs. See Access Control Lists activating Windows Server 2003, 48-50 active command, 88 Active Directory (AD), 2, 16, 22, 258 clustering integrated with, 31 computer...

Understanding Disk Terminology and Concepts

Your domain controller currently has one 36GB dynamic disk.You want to add another disk and configure both disks into a mirror to provide fault tolerance for your domain controller. You shut down your sever and add the disk. After starting Windows, you go into the disk management MMC and verify that the disk is there. It shows up as unallocated space.You right-click on the C drive, but Add Mirror is grayed out.You cannot select it.What could be the cause of your problem A. You need to format...

Implementing RAID Solutions

There are several options for setting up a RAID environment.You can use either software-based RAID or hardware-based RAID. Software-based RAID is more cost effective because you don't have to purchase anything extra, but it works only in certain situations and performance is not as good.You cannot easily change from one RAID type to another. If you want to change you must do the following 2. Erase your existing RAID configuration. 3. Create a new RAID configuration. 4. Restore your data from...

Understanding and Using Access Permissions

The employees in Marketing access their shared data through a share named Marketing, which gives them access to read, write, create, and delete files in the folder. They have created a new folder in the shared folder named Public. They have asked you to create a new share to this public folder so they can make the contents of the folder available to the entire company, yet restrict access so only marketing employees can modify any of the files in this new share. How will you set up the...

Revised IIS Architecture

Internet Information Services (IIS) is Microsoft's Web server product. IIS 6.0 is included with all versions ofWindows Server 2003.With this new version, Microsoft has made great leaps in the area of IIS reliability, availability, management, and security. IIS 6.0 was designed so a problem with one application won't cause the server or other applications running on the server to crash. It provides health monitoring and disables Web sites and applications that fail too frequently within a...

Using New IIS Command Line Utilities

The iisftp.vbs command can be used to create, start, stop, pause, and list FTP sites in IIS 6.0 server.You have been experimenting with this command.What will be the outcome of an iisftp query command-line invocation A. An error will come up. It is not a valid command because the .VBS extension is not present. B. An error will come up.You haven't listed the FTP site name to query on. C. A list of all FTP sites will come up. D. The information for the query FTP site will come up. 0 The query...

Add An Audit Setting for Files and Folders

Open Windows Explorer Start Accessories Windows Explorer . 2. Navigate to the file or folder you on which you want to enable audit policy. Select the c test directory for this exercise. 3. Click Properties and navigate to the Security tab. 4. Click the Advanced button and select the Auditing tab. Your screen should be similar to Figure 9.21. The existing audit entries on the folder are displayed. You can select the Edit button or the Remove button to modify the existing properties or remove...

Creating the Certificate Authority Hierarchy

The first step in creating the CA hierarchy is installing the root CA, the highest point of trust in the organization. If the root CA is the only CA in the hierarchy, it will issue certificates to all objects in the PKI. If the structure is larger, the root CA can issue certificates to other CA servers alone, or it can be used to serve users and computers as well although the latter scenario is not recommended .The root CA generates a self-signed certificate that will be used to authenticate...

Using the Members

A group's Members tab is shown in Figure 4.38.This lists all the members of the group. It shows the members' names and locations in Active Directory. Click Add to add members to the group.This gives you the window shown in Figure 4.39.Type the name of the account user or group you want to make a member of the group and click Check Names to verify that the user or group exists and that the name is spelled correctly. Click OK to add the account to the group. Figure 4.38 Understanding a Group's...

Adding a User to a Group

Right-clicking a user account and choosing Add to a group gives you the window shown in Figure 4.29.This window enables you to add the selected user account to a group. Type the name of the group and click the Check Names button to verify that the group exists. If the group exists and you spelled it right, it will be underlined. Click OK to add the user to the selected group. Figure 4.29 Changing Group Membership

Installing the Remote Desktop Web Connection Utility

Rdp Printers Dialog Box

The Remote Desktop Web Connection utility does not install automatically with IIS6. It is not available for installation from the Configure Your Server Wizard, but must be added using Add or Remove Programs from Control Panel in the Windows Start menu. To install it, follow these steps 1. In the Add or Remove Programs utility, click the Add Remove Windows Components button on the left side of the screen. A Windows Setup pop-up dialog box will briefly appear, followed by the Windows Components...

Using the Object

There is nothing to configure on the user's Object tab, shown in Figure 4.25.This tab shows you the location of the object in Active Directory the Canonical name . It shows you the type of object you are looking at Object class . It shows you when the object was created and when it was last modified. For replication purposes, the Object tab also lists the current and original Update Sequence Numbers USNs . Active Directory uses USNs to determine what directory changes need to be replicated...

Objective

Table 4.9 Understanding the for Command Value Description variable Specifies a single-letter replaceable parameter. set Specifies a set of one or more files. Wildcards may be used. command Specifies the command to carry out for each file. command-parameters Specifies parameters or switches for the specified command. Shows the help for the For command. There are many more options available that are not listed here due to length. Simply put, the for command enables you to instruct a command such...

Managing User Accounts Via the PopUp Menu

We just saw in detail how to use ADUC to manage user accounts by going to the properties of the user and working through each tab. Some items can be managed quickly via the pop-up menu when you right-click a user account name in the right details pane, as shown in Figure 4.27. Figure 4.27 Administering User Accounts Figure 4.27 Administering User Accounts You can perform the following tasks by right-clicking on a user Copy Copy certain properties of the user account to be used when creating a...

Using the General

The General tab of a group's properties is shown in Figure 4.37. Use this tab to change the group's name and description. Always give your groups a descriptive name and fill in the description. Use the Notes field to key in additional information about the group, such as the group's point of contact, who created the group, why the group was created, etc. If the group is mail-enabled for Exchange 2000, the E-mail field is automatically populated with the primary e-mail address of the group.The...

Using dsaddexe Group

Dsadd.exe enables you to quickly add multiple groups. In this section, you learn the syntax for dsadd group. Like the other dsadd commands, there is a lot of syntax for this command. The syntax for dsadd group is as follows, and available switches are explained in detail in Table 4.12. dsadd group lt GroupDN gt -secgrp yes no -scope l g u -samid lt SAMName gt -desc lt Description gt -memberof lt Group gt -members lt Member gt -s lt Server gt -d lt Domain gt -u UserName gt -p lt Password gt -q...

Ij

Q How can I connect to, view, and interact with the console session using Terminal Services A The Remote Desktop MMC snap-in is designed for administrator use. It enables connection to multiple Terminal Services computers, in addition to defaulting to console session access.You can also connect to the console from the command line by typing mstsc console. Q Is Remote Assistance a part of Terminal Services or a separate component A Like Remote Desktop for Administration, Remote Assistance exists...

L

-uc -uco -uci -part lt PartitionDN gt Shows the user's home drive letter if home directory is a UNC path . Shows the user's profile path. Shows the user's logon script path. Shows if the user must change his her password at the time of next logon. Displays yes or no. Shows if the user can change his her password. Displays yes or no. Shows if the user password never expires. Displays yes or no. Shows if the user account is disabled for logon or not. Displays yes or no. Shows when the user...

Gb Gb

Set the criteria for managing free space on the volume with the Volume Settings dialog box shown in Figure 2.101. Click Next to continue. 5. Next you will be asked to choose which media type to use, as shown in Figure 2.102. For this exercise, select Removable media and click Next to continue. Figure 2.101 Managing Free Space on Your Volumes Figure 2.101 Managing Free Space on Your Volumes 6. The last item to configure is the schedule for copying files, as shown in Figure 2.103. To accept...

Extending a Basic Volume

Even though you cannot use Disk Management to extend a basic volume, let's open it anyway so that we can see our volume as it gets extended. We will use diskpart.exe to actually do the extending. For this exercise we will be extending the primary partition F on Disk 2. 1. Open Computer Management by right-clicking My Computer and choosing Manage. 2. Expand Storage and click Disk Management. This will give you the window shown in Figure 2.37. Use this window to see the before and after of...

Understanding How EFS Works Under the Hood

Instead of using passwords that the user must remember each time he or she wants to access a file, EFS uses a system of keys based on public key technology.When a user encrypts a file on an EFS-enabled NTFS volume, several keys are created related to the file. First, if the user does not have a digital certificate suitable for EFS, one is automatically created by the system, which also generates a public key for the user based on the certificate. Next, a randomly generated key is created and...

Installing the Remote Desktops MMC SnapIn

To prepare the Remote Desktops MMC snap-in for use, you begin by opening a blank MMC console. Click Start Run and type MMC in the Open dialog box. In the MMC window that appears, click File Add Remove Snap-in. In the Add Remove Snap-in dialog box, click the Add button. Select Remote Desktops from the Available Standalone Snap-ins list in the Add Standalone Snap-in dialog box and click the Add button followed by the Close button. In the Add Remove Snap-in dialog box, click the OK button. Remote...

Enabling Auditing of Object Access

In addition to defining an audit policy as you learned to do in the exercises, you must enable auditing on each particular object for which you want to audit access. In this section, we will discuss how to enable auditing on objects, files, and folders. Objects include Registry keys, printers, files, folders, and so forth. Every Windows object has a security information object attached to it. It is referred as the security descriptor of the object. The security descriptor contains permission...

System Configuration Utility

The System Configuration Utility helps you diagnose services that are related to startup and that can cause issues. It is geared more towards system services as opposed to device drivers, but can be useful because some devices include services as well as more traditional device drivers. To access this tool, at the command prompt or Run option on the Start menu, type msconfig.exe and press Enter. After you open the tool, you will notice a variety of options that can be used to configure the...

Adding a New Connection

Now that you've created the new MMC, it's time to learn how to configure it to connect to Terminal Services on your servers. Begin by right-clicking the Remote Desktops node in the tree view on the left side of the utility. From the context menu that appears select Add new connection. This will open the Add New Connection window, as shown in Figure 6.9. Figure 6.9 The Add New Connection Dialog Box in the Remote Desktops MMC Snap-In Figure 6.9 The Add New Connection Dialog Box in the Remote...

Monitoring Performance

You need to query your memory trace file. The file is called test_log and it is stored in the root of the C drive.You are thinking of using the relog.exe command-line utility to extract the data to a .csv file called out.csv that also resides on the root of C drive.You are thinking of reading the log data in chunks of 10 records at a time.What will be your command-line instructions to execute this scenario A. relog.exe C test_log.blg -config Memory Available Bytes o C out.csv t 10 f csv B....

Troubleshooting Fragmentation Problems

Disk fragmentation is inevitable if you ever delete files, install programs, or otherwise use the computer for normal tasks. To optimize disk performance, you should defragment your disks as often as needed.This section covers some of the common problems that you might encounter related to disk fragmentation and the defragmentation process, including the following Computer is operating slowly. The Analysis and Defragmentation reports do not match the display. Volumes contain unmovable files....

Using the New Hardware Wizard

The New Hardware Wizard is used to install device drivers for non-PNP devices.You can also use the wizard to install drivers for any PNP device for which you did not have the suitable device driver at the time it was connected to the system.The latter scenario is actually handled by the Hardware Update Wizard, which is invoked from within the New Hardware Wizard. You need the following rights to use the New Hardware Wizard by default, members of the local Administrators group hold these...

Creating a Backup Plan

Members of the organization store files on a Windows Server 2003 computer. Each department has its own folder, with subfolders inside for each employee within that department. A complaint has been made about an employee having non-work-related files on the server that are considered offensive. Upon checking the contents of that person's folder, you find it to be true.You want to back up the entire contents of this folder, without affecting the backups that are performed daily. What will you...

Assigning User Rights

In this exercise, you will go through the steps necessary to assign the capability to log on to a terminal server to an Active Directory group. You have just set up a new Windows Server 2003 computer and configured it to run as a terminal server. Now the employees in the Sales department want to be able to access the terminal server when they are on the road. 1. Open Start Programs Administrative Tools Domain Security Policy. 2. Expand the Local Policies object in the left pane. 3. Select the...

Creating an Extended Partition

Right-click the unallocated space on the disk on which you want to create an extended partition. 2. Click New partition on the pop-up menu. This will start the New Partition Wizard as shown in Figure 2.19. Figure 2.19 Creating an Extended Partition with the New Partition Wizard Figure 2.19 Creating an Extended Partition with the New Partition Wizard 4. On the Select Partition Type window Figure 2.20 , select Extended partition. 5. Click Next to continue. You will now be prompted to specify...

Using dsgetexe

Dsget.exe is used to see the properties of objects in Active Directory. It shows selected attributes of computers, contacts, groups, organizational units, servers, or users.You input objects into dsget.exe and it outputs a list of properties for those objects. dsget.exe supports the following commands dsget computer Displays properties of computers in the directory. dsget contact Displays properties of contacts in the directory. dsget subnet Displays properties of subnets in the directory....

Using Groups in a Single Domain

You have a network file share to which you want to configure access for 20 user accounts. You could manually configure the share permissions to enable each of the 20 user accounts to have the required access. However, if later you need to configure the permissions on a second network file share for the same 20 user accounts, you would need to perform the manual permissions assignment again for all 20 users. The easier, more accurate, and more secure way to assign the permissions you need is to...

Improved File and Print Services

Practically every organization uses file and print services, as sharing files and printers was the original reason for networking computers together. Microsoft has improved the tools used to manage your file system by making the tools run faster than before this allows users to get their jobs done in less time and requires less downtime for your servers.The Distributed File System DFS and the File Replication Service FRS have also been enhanced for Windows Server 2003, and Microsoft has made...

History of Directory Services

The first directories were paper directories like the telephone book or TV guides. Some of the first electronic directories were DNS and WHOIS. Later, application directory services appeared in e-mail products such as Microsoft Exchange, Novell GroupWise, Lotus cc Mail, and in online directory services functioning as electronic phonebooks such as Four11, Switchboard, and BigFoot. It might be difficult to think of an electronic telephone book as a directory service, but it does match our...

The Programs

By default, when you connect to a Terminal Services session, you will receive a Windows 2003 desktop.The selections on this tab enable you to receive only a specified application instead. If Terminal Services is being used to provide only a single application for each user, this setting can increase security by ensuring that users do not receive a full desktop upon connection. This will prevent them from performing tasks on the server other than running the specified application. If the check...

Introduction

Regardless of how hard administrators work to protect their networks and systems from disaster, sometimes the worst occurs. Servers are subject to hardware failure due to age, overuse, or defects, data loss from hack attacks, and even natural disasters such as fire or flood that can destroy both the data and the systems themselves. Planning for disaster is an important part of every network administrator's job. Windows Server 2003 includes tools to help you prepare for a serious system failure...

Using New Command Line Utilities

A user is attempting to use the cipher.exe command-line tool to make changes to the encryption settings on a folder but keeps getting errors related to incorrect parameters. When the user asks you about the errors, you suspect that he might be using an older version of cipher that does not support the command-line parameter he is trying to use. How would you find this older version of cipher for the user A. Have the user open a command prompt on his PC and type where cipher at the command...

Iiswebvbs

The insweb.vbs utility is used to create and manage Web sites in IIS 6.0.This utility is stored at System Root system 32 directory. iisweb.vbs comes with six main switches. The main switches are listed in Table 8.2.The first argument for iisweb.vbs is one of these main switches. The rest of the arguments are further information to perform the task. The common syntax is Iisweb switch parameters to switch Table 8.2 Switches Available in Iisweb.vbs To check whether the Web site sites are The...

Troubleshooting Disk Quotas

However, they can lead to trouble if they are improperly configured or not managed properly.This section covers some of the more common issues that appear when using disk quotas. Issues such as the following The Quota tab is not there. Deleting a Quota entry gives you another window. A user gets an Insufficient Disk Space message when adding files to a volume. Disk quotas are set via the quotas tab on the properties of a volume. If the tab does not appear Figure...

The Domain Concept

The dictionary definition of domain is a territory over which rule or control is exercised. In other words, a domain is a control boundary.You can control objects within a domain together, as if they were one. In Microsoft computing terminology, a domain is a logical group of computers with a common database of accounts. All of these accounts are managed and secured together in a central location on the domain controller . Domains provide centralized authentication and centralized account...

Creating a System Recovery Plan

The master boot record on the boot partition of your Windows Server 2003 computer has become damaged. When the computer tries to start, it fails before displaying the multi-boot menu that enables you to choose which operating system to start, preventing you from accessing utilities that are available after Windows Server 2003 starts. How will you fix the problem A. Restore the master boot record from an Automated System Recovery set. B. At startup, press the F8 key to access the startup...

Using the Member Of

The Member Of tab, shown in Figure 4.23, manages the groups of which the selected user is a member. By using the Add and Remove buttons, you can add and remove this user from groups. If you are using Apple clients or POSIX-compliant applications, you can use this tab to set the primary group as required. If a user account is a member of only one group, that group is automatically configured as the primary group as shown in Figure 4.23. If a user account is a member of multiple groups, click the...