What Are Administrative Tools

Commonly used administrative tools Active Directory Users anc Computers Active Directory Sites and Seivieas Active Directory Domains and Trusts Computer ManaijerriBni DNS Remote Desktops install to perform remote administration Introduction Administrative tools enable network administrators to add, search, and change computer and network settings and Active Directory objects. You can install the administrative tools for managing a Windows Server 2003 environment on computers running Microsoft...

Practice Managing Access to Files and Folders Using NTFS Permissions

In this practice, you will manage access to files and folders by using NTFS permissions Objective In this practice, you will manage access to files and folders by using NTFS Instructions Before you begin this practice Log on to the domain as ComputerName Admin. Note You cannot use the Run as command with Windows Explorer, so you must log on as ComputerName.Admin to have the permissions that you need to complete this practice. Review the procedures in this lesson that describe how to perform...

Lab A Preparing to Administer a Server

Create a shared folder 01 a remote computer Defragment a disk Dn a remote ccmputer Connect to a remote console session Create shortcuts for administrative tools After completing this lab, you will be able to Create a shared folder on a remote computer. Defragment a disk on a remote computer. Connect to a remote console session. Create shortcuts for administrative tools. You are the systems administrator for an organizational unit on a network. Another systems administrator, who is off-site, has...

Active Directory Terms

The logical structure of Active Directory is flexible and provides a method for designing a hierarchy within Active Directory that is comprehensible to both The logical components of the Active Directory structure include the following Domain. The core unit of the logical structure in Active Directory is the domain. A domain is a collection of computers, defined by an administrator, that share a common directory database. A domain has a unique name and provides access to the centralized user...

How to Create a GPO Link

Your instructor will demonstrate how to create a GPO Sink Procedure for creating and linking a GPO Use the following procedures to create and link GPOs, link existing GPOs, unlink a GPO, delete a GPO link, delete a GPO, and disable a GPO. 1. In Group Policy Management, in the console tree, expand the forest containing the domain in which you want to create and link a GPO, expand Domains, and then do one of the following To create a GPO and link it to a domain, right-click the domain, and then...

Deploying a Custom Template Using a GPO

In this exercise, you will import a custom template to a GPO and deploy the template to your computer. You will then test your computer to determine if you received the GPO. Organizational unit to link to GPO Locations ComputerName Computers GPO name ComputerName Security Settings 2. Import a security template to a GPO. Template name ComputerName Server Policy.inf 3. Disable Block Policy inheritance. Expand all organizational units of Locations VrjflqmJtfr.VjiiFn and remove any blocking of...

How to Copy or Remove Inherited Permissions

Your instructor will demonstrate how to copy or remove inherited permissions Introduction Use the following procedure to copy or remove inherited permissions. Procedure To copy or remove inherited permissions 1. In Windows Explorer, right-click the file or folder you want to change inherited permissions on, and then click Properties. 2. In the Properties dialog box, on the Security tab, click Advanced. 3. In the Advanced Security Settings dialog box, clear the check box labeled Allow...

What Is ntbackup

In addition to Backup, Windows Server 2003 provides a command-line tool, ntbackup, that you can use to back up and restore data. You can perform backup operations from a command prompt or from a batch file by using the ntbackup command, followed by various parameters. There are two important limitations to using batch files to back up your data When you use the ntbackup command, you must back up entire folders only. You cannot designate individual files for backup. However, you can designate a...

How to Restore and Update Device Drivers

Your instructor wilt demonstrate how to Restore a pr viens version of a device driver Update a device driver Introduction This topic covers the procedures that you use to restore and update device Procedure for restoring As a systems administrator, you may need to restore a previous version of a a device driver driver. For example, a user complains that after he installed a new modem driver on his computer, his connection speed dropped from 56 kilobits per second (Kbps) to 14.4 Kbps. He wants...

Group Policy Setting for Unsigned Device Drivers

The default Group Roi icy setting f r unsigned drivers is Devices Unsigned driver hstafeion behavior Si emly shewed usons can natal ungigred driuera,. na waning appears Wsrn bul all i n sla lalion users can i' bla'l unsigned crivers, bul d warning appears EJd not allium inshallslion users cannm.flsfall unsgned drvers The Group Policy setting for unsigned device drivers is named Devices Unsigned driver installation behavior. You can use it to allow users to install unsigned drivers, to warn...

What Are Active Directory Object Permissions

Change permissions, lake owners nip, and perform the tasks thai are allowed by ail o erslanda'd perarissnns Vioti etfs, osjecl attr bLtes. Ihe abject owner, Bnrl Affive Director psrmiseions Add any typH oi ah ed ta an nrganizshryial un t Remove any lype a ch abjsct Jnc- a n organizational unit Active Directory object permissions provide security for resources by enabling you to control which administrators or users can access individual objects or object attributes and the type of access...

What Is the Purpose of a Mounted Drive

Adds volumes to systems without adding separate drive letters for each new volume Disk Management assigns a dr ve path to the drive rattier than a d'ive letter D'ive paths retain (heir association to the drive Add or rearrange storage devices without the drive path failing increases number of drives, not storage space Manages data storage based on work environment and system usage Create multiple mounted drives per volume Using NTFS mounted drives is a convenient way to add volumes to a...

The Delegation of Control Wizard

Use the Delegation of Control Wizard bo specify The user or group to which you want to delegate oonlral The organisational unils and objects you want to gran-tfia user or Group the permission to control Tasks that you want (he user or group to be ablB to perform The Delegation of Control Wizard automatically assigns to users the appropriate per missions to access and modify specified obj cts Introduction You use the Delegation of Control Wizard to select the user or group to which you want to...

How to Enable and Disable Disk Quotas

Your instructor will demonstrate how to Enable disk quotas by using Windows Explorer Disable disk quotes by using Windows Explprer Use the following procedures to enable and disable disk quotas. To enable disk quotas 1. In Windows Explorer, right-click the disk volume for which you want to enable disk quotas, and then click Properties. 2. In the Properties dialog box, on the Quota tab, select the Enable quota management check box. 3. Select one or more of the following options a. Deny disk...

Lesson Using Security Templates to Secure Computers

What Is a Security Policy What Are Security Templates What Are Security Template Settings How to Create a Custom Security Template * How to Import a Security Template Introduction You can create security templates to create a security policy and alter a security policy to meet the security needs of your company. You can implement security policies in several different ways. The method you use depends on your organization's size and security needs. Smaller organizations, or those not using...

How to Encrypt a File or Folder

Your instructor will demonstrate how to Encrypt Piles or folders by using Windows Explorer Encrypt u'fline files or folders by using Windows Explorer Encrypt files Of folders by using the cipher command Procedure for encrypting an offline file or folder Procedure for encrypting a file using cipher Use EFS to encrypt files that must be protected, especially those files that will be shared across the network or over the Internet. Encrypting an offline file helps to ensure that you can protect all...

What Is Network Usage

Network usage is the percentage of network bandwidth that is in use on the segment that is being monitored. Network bandwidth is measured in several different ways The rate at which bytes are transferred to and from the server. The rate at which data packages are sent by the server. Data packages include frames, packets, segments, and datagrams. The rate at which files are sent and received by the server. Effective network bandwidth varies widely depending upon the transmission capacity of the...

What Are the Effects of Moving and Copying Compressed Files and Folders

Bitwttri H F - Partit bus rd Volumes Moving and copying files and folders on disk volumes can change their compression state, depending on the compression state of these files and folders and on the file system in which they were created. The compression state of a file or folder created in an NTFS partition is controlled by its compression attribute. As shown in section A of the illustration, when you copy a file or folder within an NTFS partition, the file or folder inherits the compression...

How to Create a Simple Volume

Your instructor will demonstrate how to Create an a pimple volume by using Disk Management Create a si mpl vol um e by u s in g Disk Pa rt Procedure for creating a simple volume by using Disk Management Procedure for creating a simple volume by using DiskPart Create a single volume on a dynamic disk if you plan to expand the volume in the future. To create a simple volume by using Disk Management 1. In Computer Management, open Disk Management. 2. Right-click the unallocated space on the...

Guidelines for Creating a User Account Naming Convention

A convention for naming user accounts should accommodate Different types of employees, such as temporary or contract employees Introduction A naming convention establishes how user accounts are identified in the domain. A consistent naming convention makes it easier for you to remember user logon names and locate them in lists. It is a good practice to adhere to the naming convention already in use in an existing network that supports a large number of users. Guidelines Consider the following...

Lesson Configuring Shadow Copies

What Are Shadow Copies Mow to Configure Shadow Copies on the Server Previous Versions Client Software for Shadow Copies How to View Previous Versions of Client Software Shadow Copy Scheduling Hawta Schedule Shadow Copies Whait Is Restoring Shadow Copies How to Restore a Previous Version * Best Practices for Using Shadow Copies Introduction In Windows Server 2003, you can use Shadow Copies of Shared Folders as a data recovery tool. You can use shadow copies to view and restore shared files and...

What Is a Mounted Drive

Is assigned a path rather than a drive letter Can unify different tile systems on a logical drive Allows you to add more drives without using up drive letters Definition A mounted drive is a self-contained unit of storage that is administered by an NTFS file system. You can use Disk Management to mount a local drive to any empty folder on a local NTFS volume rather than to a drive letter. This method is similar to creating a shortcut that points to a disk partition or volume. Mounting a drive...

Practice Creating User Accounts

Create a local user account by using Computer Management Create a domain account by using Active Directory Users and Computers Create a domain user account by using Run as Create a domain user account by using dsadd Create a local user account by using Computer Management. Create a domain account by using Active Directory Users and Computers. Create a domain user account by using Run as. Create a domain user account by using dsadd. Log on to the student computer by using the ComputerNameUser...

How to Assign Change or Remove a Drive Letter

Your instructor will demonstrate how to Assign, change and remove a drive letter by using Dish Management Assign, change and remove a drive letter by using DiskPart You can use either Disk Management or DiskPart to assign, change or remove drive letters on partition. As an administrator, you will manage disk drive letters by using these tools. To assign, change, or remove drive letters by using Disk Management 1. In Computer Management, open Disk Management. 2. Right-click a partition, logical...

How to Add and Remove Disk Quota Entries

Your instructor will demonstrate how to Add anew quota entry Remove a disk quota entry Introduction Use the following procedures to add and remove disk quota entries. Each new Procedure for adding a To add a new disk quota entry new disk quota entry 1. In Windows Explorer, right-click the volume for which you want to add a new disk quota entry, and then click Properties. 2. In the Properties dialog box, on the Quota tab, click Quota Entries. 3. In the Quota Entries window, on the Quota menu,...

What Are Groups

Groups simplify administration by enabling you to assign permissions for resources Groups simplify administration by enabling you to assign permissions for resources Groups are characterized by sccpe and type The group scone determines Another Jie group spans rnuliip e domains or is limited to a single domain The three grojp scopes are glcbal domam local, and universal Groups are characterized by sccpe and type The group scone determines Another Jie group spans rnuliip e domains or is limited...

What Are Shared Printer Permissions

Conncc Id a rintcr and send documents to the 'inter rfnrm tasks associated wrh this Prim ccrrrissior The Lscr a so has Gomplcte admrnsjratrve control of lie pr.rte' The ussr can ausc and restart tie pri iter, cb eh gc sncclcr settings shares primer adjuel inter cerrrissions, ans change printer properties. Pause, ncsure, restart, cancel, ard rearrange he order a'documents that all other users submit The user can no send documents to Die printer or control the staius of the printar. Introduction...

How to Determine Effective Permissions for Active Directory Objects

Your instructor will demon strate how ta determine effective permission For Active Directory objects Introduction Use the following procedure to view the effective permissions log for Active Procedure To view the effective permissions log 1. In Active Directory Users and Computers, in the console tree, browse to the organizational unit or object for which you want to view effective permissions. 2. Right-click the organizational unit or object, and then click Properties. 3. In the Properties...

What Happens When GPOs Conflict

When Group Policy settings in ttie Active Directory hierarchy conflict, Ihe settngs for the child container GPO apply Introduction Complex combinations of GPOs may create conflicts, which may require you to modify default inheritance behavior. When a Group Policy setting is configured for a parent organizational unit, and the same Group Policy setting is not configured for a child organizational unit, the objects in the child organizational unit inherit the Group Policy setting from the parent...

What Is Offline Files

Offline Files Is a document-managcment feature that provides the user with consistent online and offline access to files Advantages of using Offline Files Support for mobiSe users Automatic synchroniiation Performance advantages Backup advantages Definition Offline Files is an important document-management feature that provides the user with consistent online and offline access to files. When the client disconnects from the network, anything that has been downloaded to the local cache remains...

Microsoft Official Curriculum

Course 211A Mi ijgrng t K m I K-.iatmu tw JOC imtfnnni mri.r Imnu f m ULtif.w. l W -r. j. - > *r BibKmwl i rp mfl irln(7 j TOM* l n ws jnw flflj ta WKJ i* Ir Du Me I nr tomvtflHTfi i rp mfl irln(7 j TOM* l n ws jnw flflj ta WKJ i* Ir Du Me I nr tomvtflHTfi ImplWwnhng. tflnufj. -ip. j,- r A airJUrning ir Hicnuc Wl nrt-*-j wnr X .1 MaSh tA rnfr cirm r iF - wcw* SrrtK hui D ijilwvrw.mic rcrsofr.GOflii'trafiicerl Microsoft Training and Certification develops Microsoft Official Curriculum (MOC),...

What Are User and Computer Configuration Settings

Desktop settings Software settings Windows settings Securty settings Group Policy settings for computers Software settings for user configuration Windows settings for user configuration You can enforce Group Policy settings for computers and users by using the Computer Configuration and User Configuration features in Group Policy. Group Policy settings for users include specific operating system behavior, desktop settings, security settings, assigned and published application options,...

How to Monitor Network Usage

Your instructor will demonstrate how to monitor performance by using Procedure for monitoring network usage by using Performance It is important to monitor the network usage of your servers so that you can detect network bottlenecks. You can monitor network usage by using either the Performance console or Task Manager. To monitor network usage by using Performance 1. Click Start, click Control Panel, double-click Administrative Tools, and then double-click Performance. 2. Right-click in the...

What Is a Foreign Disk

A dynamic disk when moved to 3 local computet from another computer running And Windows Server 2003 family of opera'Jng systems A disk moved within the same system, in some cases A d is k moved from a disk gtojp to aiwther computer that contains its own group can be displayed as a foreign disk Dynamic disks moved from one computer to another Disk failure during a move within the same system When you move a dynamic disk from one computer to another, Windows Server 2003 automatically considers...

Lesson Changing the Location of the Print Spooler

Why Change the Location of the Print Spooler How to Change the Location of the Print Spooler Introduction This lesson introduces you to the skills and knowledge that you need to change Lesson objectives After completing this lesson, you will be able to Explain the purpose of the print spooler. Explain situations that require you to change the location of the print spooler. Change the location of the print spooler. An executable file that manages the printing process, which Involves Retrieving...

How to Configure Group Policy Enforcement

H r.j - r-w I rsvp e> UkiHd - I Etfai i I rr.Aiil t *. -Ill 1. JnJ'lUikkUrfaCbU.EPtl Introduction Use the following procedure to configure the enforcement of a GPO link. Procedure To configure the enforcement of a GPO link 1. In Group Policy Management, in the console tree, expand the forest with the link for which you want to configure enforcement, and then do one of the following To configure enforcement for a GPO link to a domain, expand Domains, and then expand the domain...

Lesson Configuring Auditing

Guidelines for Planning an Audit Policy How to Enable Auditing for Files and Folders How to Enable Auditing for Active Directory Objects Best Practices for Configuring Auditing Introduction No security strategy is complete without a comprehensive auditing strategy. More often than not, organizations learn this only after they experience a security incident. Without an audit trail of actions, it is almost impossible to successfully investigate a security incident. You must determine as part of...

Attributes of a GPO Link

Iji ' Ma '> 1 IM1411 Introduction You can enable, disable, enforce, and group GPO links. These options significantly affect the user and computers accounts in the organizational unit that the GPO is linked to. The Enforced option The Enforced option is an attribute of the GPO link, not the GPO itself. If you have a GPO that is linked to multiple containers, you configure the Enforced option on each individual container. Furthermore, if the same GPO is linked...

Effects on NTFS Permissions When Copying and Moving Files and Folders

* When yoj copy files and folders, they intierit permissions of the destination folder iA'hen you move files and folders within tin same partition, they retain their permission * iA'hen you move files and folders to a different partition, they inherit the permissions of the destination folder Introduction When you copy or move a file or folder, the permissions may change depending on where you move the file or folder. It is important to understand the changes that the permissions undergo when...

Multimedia Printing Terminology

This activity defines the components of the printing process and provides an overview of the printing process To start the Printing Terminology activity, open the Web page on the Student Materials compact disc, click Multimedia, and then click the title of the activity. In the first part of the activity, you drag labels to components of the printing process. When you drop a label on the correct component, the definition of that component is displayed. You can also click Show me to have all...

Names Associated with Organizational Units

0U MyQfganizat en al Unit, DC-m icasof t, DC com Yllcroscrl. eom MyCrgan iza'ional Unit Introduction Each object in Active Directory can be referenced by several different types of names that describe the location of the object. Active Directory creates a relative distinguished name, a canonical name, and a relative distinguished name for each object, based on information that is provided when the object is created or modified. LDAP relative The Lightweight Directory Access Protocol (LDAP)...

Searching for and Moving Users Accounts

In this exercise, you will search for users in your city location and move them to the ComputerName Users organizational unit. The system engineers at NorthWind Traders have imported user accounts for the entire nwtraders domain. The system administrators are responsible for searching for the user accounts that have a city location attribute of their ComputerName and move the account to the Users folder in their ComputerName organizational unit. 1. Search for user accounts by using the...

What Is MMC

MMIC hosts tools, called snap-ins, that perform administrative functions 1 VJj-rf Difldwy WW W T- i s * ti dttw C- J i y 3te 5f ri Sei vkjm teat + am* rjtiviiwY iwt M.'. ,iefiw. J 4, . ouftv Htvqarwdi f Definition You use Microsoft Management Console (MMC) to create, save, and open administrative tools, called consoles, which manage the hardware, software, and network components of your Windows operating system. MMC runs on all client operating systems that are currently supported. What are...

Effects of Modifying Objects on Permissions Inheritance

Modifying Active Directory objects affects permissions inheritance. As a systems administrator, you will be asked to move objects between organizational units in Active Directory when organizational or administrative functions change. When you do this, the inherited permissions will change. It is imperative that you are aware of these consequences prior to modifying Active Directory objects. When you move objects between organizational units, the following conditions apply Permissions that are...

Lesson Scheduling Backup Jobs

What Is a Scheduled Backup Job What Are Scheduled Backup Options How to Schedules Backup Job Best Practices tor Backup Introduction In addition to backing up files and folders, the responsibility of a systems administrator includes scheduling backups. Using your organization's backup plan, schedule your backups so that they contain the most complete and up-to-date set of files by using the least time-consuming method. Lesson objectives After completing this lesson, you will be able to Explain a...

How to Use the Run As Command

Your instructor will demonstrate how to use the Run as command from The Startmenu Windows Explorer The command line prompt Procedure for using the Run as command from the Start menu Use the Run as command to launch an MMC console in the context of an account that has the appropriate rights to perform the task. For example, if you are logged on a server as a user and you want to install a new software package, you can log off, log on as an administrator, open Control Panel, use Add Remove...

How to Set Up Run As Shortcuts

Your instructor will demonstrate how to set up a Run as shortcut ijjo Performance Computer Management Device Manager Disk Manager Active Directory * MMC To save time, you can configure Run as desktop shortcuts to the administrative To set up a Run as shortcut to Performance 1. Right-click the desktop, point to New, and then click Shortcut. 2. On the Create Shortcut page, in the Type the location of the item box, type runas user Nwtraders administrator mmc windir system32 perfmon.msc and then...

Best Practices for Compressing Files or Folders

Determine which file types to compress Do not compress already compressed files or system files Compress static dala rather than data that changes frequently Determine which file types to compress Do not compress already compressed file Consider the following best practices for managing compression on NTFS partitions. Because some file types can be compressed more than others, determine which file types to compress based on the anticipated size of the compressed file. For example, because...

Exporting Disk Quota Entries

In this exercise, you will export the disk quota entries that you created to a binary file. 1. Export disk quota entries to a binary file. In Disk Management, highlight the new quota entries that you created in the previous exercise, and then on the Quota menu, click Export. Name the quota entries file export.bin and then save the file in C MOC 2275 Labflles. Close the Quota Entries for New Volume (D ) window, close the New Volume (D ) Properties dialog box, and then click OK to close the...

J

If you disable a policy setting, you are disabling the action of the policy setting. For example, users by default can access Control Panel. You do not need to disable the policy setting Prohibit access to the Control Panel to allow a user to access Control Panel unless a previously applied policy setting enabled it. In this situation, you set another policy setting that disables the previously applied policy setting. This is helpful when you have inherited policy settings, and you do not want...

Practice Creating Groups

Create groups by using Active Directory Leers and Computers Create groups by using the dsadd command-line tool In this practice, you will create global and local groups by using Active Directory Users and Computers. You will also create global groups by using the dsadd command-line tool. Log on to the domain by using the ComputerNameUser account. Open CustomMMC with the Run as command. Use the user account Nwtraders Com uterNameAdmin (Example LondonAdmin). Ensure that CustomMMC contains Active...

Modifying the Default Setting

In this exercise, you will modify default settings for all computers by using Group Policy Management Console. Start the Group Policy Management Console. a. Use runas to start the Group Policy Manager snap-in with administrative privileges runas user nwtraders administrator mmc windir system32 gpmc.msc b. Expand Group Policy Management, expand Forest nwtraders.msft, expand Domains, expand nwtraders.msft, expand Locations, and then click your ComputerName organizational unit. c. Right-click...

Lab A Managing Disaster Recovery

Recover from a corrupt registry by using Last Known Good Recover from a corrupt registry by restoring System State data Recover from a corrupt boot tile by using the Windows startup disk Objectives After completing this lab, you will be able to Install the Recovery Console. Create a Windows startup disk. Recover from a corrupt registry by using Last Known Good. Recover from a corrupt registry by restoring System State data. Recover from a corrupt boot file by using the Windows startup disk....

Vpg Patch Vulnerability

To view the Software Update Services presentation, open the Web page on the Student Materials compact disc, click Multimedia, and then click the title of the presentation. Windows Update is the online extension of Windows that helps keep your systems up-to-date. Use Windows Update to select updates for the operating systems, software, and device drivers on your network. New content is added to the site regularly, so you can always get the most recent updates to help protect your server and the...

Characteristics of Active Directory Object Permissions

Active Directory objcct permissions can be Set as standard or sped a permissions S& ri& rii fjcrmifofli arc tic mrei frcqu snlly assignee Dismiss ans Specialpermistfons provide e Hnsr ilegrw of ccntrcl for assigring gessss ID ctjEcts Set at the object level or inherited from ite parent object Although NTFS permissions and Active Directory object permissions are similar, certain characteristics are specific to Active Directory object permissions. Active Directory object permissions can be...

What Is Group Nesting

It means adding a group as a member of another group * Nest g ro up s to conso I id at e g rou p rn ana g em cnt Nesting options depend on whether the domain functional level of your Windows Server 2003 domain is set to Windows 2000 native or Windows 2000 mixed Introduction Using nesting, you can add a group as a member of another group. You can nest groups to consolidate group management. Nesting increases the member accounts that are affected by a single action and reduces replication traffic...

What Are Universal Groups

Native mode Jser accounts, global groups,and otfer uHiersalgraj3s from any doriain in tie rest Native mode Honaih local anc universal groups ir eny domain Definition A universal group is a security or distribution group that can contain users, groups, and computers from any domain in its forest. You can use universal security groups to assign user rights and permissions to resources in any domain in the forest. Characteristics of The following summarizes the characteristics of universal groups...

Group Memberships Used to Administer a Server

Member of lliese group* are gi anted pemfcsiont 1 perform specific system tasks Administrators should always be a member of n group that * PBTawsaladitliieliHlnfa iis, m (Harfe art sanieia aM it. wnlo oss rvsrst isr - C enle , tel is, rcdfeii .jsii fiutin N a'idg'OJii CaTol ircnfy JTTfivraJois iDLp a anfCpEralors jHJLps St 's dJ feacijii i 5k) 5 up ar restares lies SdBLf', Msr- jfi iiewiil pile's Introduction To administer a server, you must have appropriate permissions to do the job. It is...

Names Associated with Domain User Accounts

GN jayadarr s C N il ers .dc nw1radcrB .dc *nsfl Introduction There are four types of names associated with domain user accounts. In Active Directory, each user account consists of a user logon name, a pre-Windows 2000 user logon name (Security Accounts Manager account name), a user principal logon name, and a Lightweight Directory Access Protocol (LDAP) relative distinguished name. User logon name When creating a user account, an administrator types a user logon name. The full name must be...

How to Delegate Control of an Organizational Unit

Your instructor wifl de mon strate how tu delegate control of an organizational unit Procedure for delegating control for common tasks To grant permissions at the organizational unit level, use the Delegation of Control Wizard. You can grant permissions for managing objects, or you can grant permissions for managing specific attributes of those objects. Using the Delegation of Control Wizard is the preferred method for delegating control, because it reduces the possibility of unwanted effects...

How to Sort Quota Entries

Vour instructor will demonstrate how to sort quota entries Introduction After setting up the list of users who are using disk quotas, you can use the following steps to sort the results of disk quotas. Procedure for sorting To sort quota entries quota entries 1. In Windows Explorer, right-click the volume for which you want to sort quota entries, and then click Properties. 2. In the Properties dialog box, on the Quota tab, click Quota Entries. 3. In the Quota Entries window, on the View menu,...

Practice Managing File Compression

In this practice, you will Compress fattens Mojs and copy compressed filas and folders and track the results Move and copy compressed files and folders, and track the results. Identify the effects of moving and copying compressed files and folders. You are the systems administrator for an organizational unit on a large network. The accounting department manager complains to you about the amount of free disk space left on his server's hard disk drive. He wants at least 20 percent more free space...

Properties Associated with Computer Accounts

The Properties dialog hex fora computer account contains The Properties dialog box for a computer account contains unique information about each computer account that is stored in Active Directory. The more complete the information in the Properties dialog box, the easier it is to search for computers in Active Directory. The following table lists the most commonly used property options for computer accounts. Operating System Member Of Location Managed By Computer name, DNS name, description,...

What Are Domain Functional Levels

W rdows N Server 4,0, lAlrdflws mo, Definition The characteristics of groups in Active Directory depend on the domain functional level. Domain functionality enables features that will affect the entire domain and that domain only. Three domain functional levels are available Microsoft Windows 2000 mixed, Windows 2000 native, and Microsoft Windows Server 2003. By default, domains operate at the Windows 2000 mixed functional level. You can raise the domain functional level to either Windows 2000...

Best Practices for Managing Access to Files and Folders Using NTFS Permissions

Grant permissions le domain local groups as opposed to users Group resources to simplify administration Allow users only the level of access that they require Grant Read Execute permission for application Folder Grant R d & Execute and Write permissions f r data folders Best practices When managing access to files and folders, consider the following best practices when granting NTFS permissions Grant permissions to groups instead of users. Because it is inefficient to maintain user accounts...

What Is Disaster Recovery

A disaster is a sudden catastrophic loss of data Disaster recovery Is the process of resuming normal business operations as quickly as possible after the disaster Is over Disaster recovery process includes Executing a written disaster recover plan Testing all hardware and software before resuming o pernors How often should you perform backups How long will you save the backups before reusing the medium Assuming failure, how much time will it take to restore from the most recent backup Is that...

What Are Effective Permissions for Active Directory Objects

Permissions are cumulative Deny permissions override all other permissions Object owners can always change permissions Retrieving effective permissions Introduction You can use the Effective Permissions tool to determine what the permissions for an Active Directory object are. The tool calculates the permissions that are granted to the specified user or group and takes into account the permissions that are in effect from group memberships and any permissions inherited from parent objects....

Counter Log File Formats

Oomma-ttjiriited log nib (wilh s Wiensen) T Hptfl leg data irlo s ssreadsheet pnsgrain Tali-delimited k-j i i> (w Ui a I v Tu xpert lug data irld a spreadsheet program St*qu r1ial. tiriary-iixirial ug i b l 'ih a Lb eatcn ioi Tu Tteurd iJlIj nasrscM 1iial aro intofrnittEnt CirLulai bmatv-fufrml Idu fi' w lh a bit ffii-ftrslorj 1pttlXr4 Jbilj ouirinuojsfy tt same tag file Name of an ending 5CL rfataheee and log etwthi hs dst base here pe-fcHTifiiice data .'ill be read To collect paVnarce data...

When to Require or Restrict Password Changes

Create local and doms r service accounts * Create tisW Iocs accounts lhat Will not log on locally To create a more secure environment, require password changes on user accounts and restrict password changes on service accounts. The following table lists when you need to restrict or require password changes. Create new domain user accounts. Select the check box that requires the user to change the password the first time the user logs on to the domain. Reset passwords. This option enables the...

Lesson Managing Security Logs

What Are Log Files Co mm or Security Events Tasks Associated with Managing the Security Log Files How to Manage Security Log File Information How to View Security Log Events Introduction You can configure the security logs to record information about Active Directory and server events. These events are recorded in the Windows security log. The security log can record security events, such as valid and invalid logon attempts, as well as events that are related to resource use, such as creating,...

Organizational Unit Hierarchical Models

As a systems administrator, you do not select the design of the Active Directory structure for your organization. However, it is important to know the characteristics and ramifications of each structure. This knowledge may be critical to you when performing systems administrator tasks within the Active Directory structure. This topic describes the four basic hierarchy designs. The function-based hierarchy is based on only the business functions of the organization, without regard to...

Naming Guidelines for Groups

Incorporate tfce scope in the naming convention of the group name The name should reflect the ownership (division or lean name) Place torn* in names or abbreviations al the teg idling of the group name Use a descriptor to entity 11i maximum permissions a group can hove, such as OS_ IT London U Admins For distribution groups Use a short alias myitis Do not include a users alias name as part of a display it me Allow a maximum of five coolers of a single distribution group In Active Directory,...

Best Practices for Creating User Accounts

Best practices for creating local user accounts Limit the number of people who can log on locally Best practices for creating domain user accounts Disable an account that will not he scd immediately Rsq ui re users to ch trig a thai r pas swo rd s ill e first lime that they og on introduction There are several best practices for creating user accounts that reduce security risks in the network environment. While software products change, review current best practices at www.microsoft.com...

Lab A Implementing Printing

Install printers Set printer locations Objectives After completing this lab, you will be able to Install printers. Set printer locations. Instructions Before you begin this lab, log on to the domain by using the Note This practice focuses on the concepts in this lesson and as a result may not comply with Microsoft security recommendations. For example, this practice does not comply with the recommendation that users log on with domain user account and use the Run as command when performing...

What Are Lockedout User Accounts

DeHres (he - umber of fa iled logon attarnpta P'everts tie sfcers from guessing Lssr paiswo'ds Ai account can exceed the accoimt lockout threshold by too many failed lagan attar pis At a screen sawer protected hy a password Introduction A user account is locked out because the account has exceeded the account lockout threshold for a domain. This may be because the user has attempted to access the account with an incorrect password too many times or because a computer hacker has attempted to...

Practice Using Offline Caching

Create a shared folder with no caching for documerts or programs In this practice, you will create a shared folder and use different caching options. Log on to the domain as ComputerName Admin. Note You cannot use the Run as command with Windows Explorer, so you must log on as ComputerName.Admin to have the permissions that you need to complete this practice. Review the procedures in this lesson that describe how to perform this task. The Human Resources department wants you to configure a...

What Is a Device

Definition A device is any piece of equipment that can be attached to a computer. Examples of devices Some examples of devices are a video card, a printer, a joystick, a network adapter, a modem card, or any other peripheral equipment. Types of devices Devices can be divided into two groups Plug and Play is a combination of hardware and software support that enables a computer system to recognize and adapt to hardware configuration changes with little or no user intervention. You can add or...

Lesson Setting Printer Priorities

What Ate Printer Priorities How to Set Printer Priorities Introduction You may want to configure printer priorities for two printers that print to the same print device. This configuration guarantees that the printer with the highest priority prints to the print device before the printer with the lower priority. This is a good strategy if the printer with the lower priority is only available to print during nonbusiness hours and has many documents waiting to print. If you must print to the...

Lesson Overview of Security in Windows Server

Permissions User Rights Assigned to BtiilHn Groups How to Assign User Rights Introduction In this lesson, you will learn about user rights, permissions, and user rights assigned to built-in groups. You will also learn how to assign user rights. Lesson objectives After completing this lesson, you will be able to Distinguish between rights and permissions. Describe the user rights assigned to built-in groups. Definition When a user logs on, the user receives...

Practice Configuring File Encryption

Move and copy encrypted tiles and folders Move and copy encrypted files. Identify the effects of moving and copying compressed files and folders. You are the systems administrator for an organizational unit on a large network. The Research and Development R amp D department has a server that can be accessed by all of the employees in the department. Although the department manager has configured NTFS permissions on most folders to restrict unauthorized users from looking at the files, he wants...

What Is a Signed Device Driver

Digital signature indicates that the device driver meets a certain level of testing and that It ha riot been altered by another program's installation process lt Use signed device drivers to ensure ttie performance and stability of ycur system To ensure that device drivers and system files remain in their original, dig tally-signed state, Windows provides Introduction Each device driver and operating system file that is included with Windows has a digital signature. The digital signature...

How to Modify User and Computer Account Properties

Your instructor will demonstrate how to modify user and computer accounts Introduction As a systems administrator, you must be able to modify user and computer account properties to manage the network efficiently. Procedure To modify user and computer accounts 1. In Active Directory Users and Computers, in the console tree, navigate to the container that contains the user or computer account that you want to modify. 2. In the details pane, select the user or computer account that you want to...

Lesson Modifying User and Computer Account Properties

When to Modify User and Computer Account Properties Properties Associated with User Accounts Properties Associated with Computer Accounts How to Modify User and Computer Account Properties Introduction This lesson presents the skills and knowledge that you need to modify user and Lesson objectives After completing this lesson, you will be able to Determine when to modify user and computer account properties. Describe properties associated with user accounts. Describe properties associated with...

Guidelines for Establishing a Baseline

Baseline 5 data collected over time during varying but typical types of workloads and user connections When determining your baseline, understand the types of work being done and the days and times when the work is being done Establish a baseline early in deployment, and hen measure actus performance against the baseline dliring deployment Establishing a baseline early helps to quickly identify and resolve system bottlenecks Introduction You derive a baseline measurement from a collection of...

How to Create User Accounts

Yo u r i n structor wi 11 de rno n strate how to Create a domain user account Create 3 local use account Introduction Domain user accounts enable users to log on to a domain and access resources anywhere on the network, and local user accounts enable users to log on and access resources only on the computer on which you create the local user account. As a systems administrator, you must create domain and local user accounts to manage your network environment. Important You cannot create local...

Microsoft

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is...

Why Modify Shared Printer Permissions

Limit access to a printer for selected users Example Give all non administrative users in 3 departments low-level permission and give all managers a higher-i amp VBl permission. This enables both usars and managers to print documents, but managers can change the print status of any docuTiertfsen to the printer. Deny access to a printer far selected users Example Give selected members of a group he ability to print document and deny other group members access to tha printer to Ibroe thsm to uss...

Practice Configuring MMC to Manage Files on a Remote Server

Configure IVMC to manage aid monitor a local server and a remote server Configure MMC to manage and monitor a local server and a remote server. Use the Run as command to open MMC. You are the systems administrator for an organizational unit on a network. You are responsible for managing and monitoring the shared folders on your server and on a remote server. You will create an MMC snap-in that allows you to manage and monitor shared folders on both servers simultaneously. You will also create a...

Role of MMC in Remote Administration

Provides an interface to snap-ins thai manage hardware, software, and network services for servers running Windows Server 003 and computers running Windows XP Why Use MMC in remote administration Use for tasks frequently accomplished on remote Use to manage similar tasks- on many remote computers Introduction Microsoft Management Console MMC provides an interface that you can use to create, save, and open administrative tools, called snap-ins, that manage the hardware, software, and network...

How to Enable and Disable User and Computer Accounts

Your instructor will demonstrate how to enable and disable user and computer accounts flddtD a q'fl-p m MHMwai I rij gt lilf ttotfit J Introduction When an account is disabled, the user cannot log on. The account appears in the details pane with an X on the account icon. Procedure To enable and disable a user or computer account by using Active Directory 1. In Active Directory Users and Computers, in the console tree, select the container or the user that contains the account to be enabled or...

What Is Automated System Recovery

A recovery option in the Backup utility that contains two parts ASR backup and ASR restore Can back up the operating system Does not in lu tie data Files Creates a floppy disk, which contains information about Disk configurations including basic and dynamic volumes Hrw tc acoomptiai a restore procedure a J I Flif-ajim ji.vd idp rajcirilE n fMo-p bjc -u ol j gt cu s JQtv dbi, Did K JT 4 jtw syawn giroi. and cihei swiia ihs crriaiii a baetup oJ urn -jcal sysis- pjrJm Choose the All information on...

Lesson Configuring Device Driver Signing Options

Group Policy Selling for Unsigned Device Driver What Is Group Policy Management Console How to Configure Device Driver Signing Options Lteihp Group Policy How to Configure Device Driver Signing Options Manually Introduction This lesson introduces devices, device drivers, device driver signing, and Group Policy driver signing settings. This lesson also describes how to configure device driver signing manually and by using Group Policy objects. Lesson objectives After completing this lesson, you...

Practice Determining Effective Permissions on NTFS Files and Folders

In this practice, you will determine effective NTFS permissions Objective In this practice, you will determine the effective NTFS permissions. Instructions Before you begin this practice Log on to the domain as ComputerName Admin. Note You cannot use the Run as command with Windows Explorer, so you must log on as ComputerName,Admin to have the permissions that you need to complete this practice. Review the procedures in this lesson that describe how to perform this task. Scenario The HR Manager...

Creating Shortcuts to Administration Tools

In this exercise, you will create shortcuts to commonly used administrative tools. 1. Create a shortcut to Computer Management. a. Create a shortcut to Computer Management by right-clicking the desktop, clicking New, and then clicking Shortcut. b. In the Type the location of the item box, type runas user nwtraders administrator mmc windir system32 compmgmt.msc and c. In the Type a name for this shortcut box, type Computer Management and then click Finish. 2. Create a shortcut to Active...

What Is a User Account Template

A user account template is a user account that contains ihe properties that apply to users with common requirements User ac count tem plates m a ke creati n g u ser ac counts with standardized configurations more efficient Definition You can simplify the process of creating domain user accounts by creating a user account template. A user account template is an account that has commonly used settings and properties already configured. Using account templates For each new user account, you only...

How to Manage Sessions by Using Terminal Services Manager

Your instructor will demonstrate how to Monitors remote session Log off 3 remote session Disconnects re -mote session Log off a disconnected session Procedure for monitoring a remote session Procedure for logging off a remote session Procedure for disconnecting a remote session Procedure for logging off a disconnected session By monitoring a remote session, you can find out who has established a remote connection and determine the status of that connection. If the connection has been idle, and...

What Are Timeout Settings for Remote Desktop Connections

Specifies how long client sessions cart remain active or tie server Connection sessions remain opsn Eiter the Kerrote Desktop window is tos9d 01 the dient computer Qonliguio timeout settings to nosctlhe session or log o tho user Use timeout settings to prevent a remote connection from consuming valuable server resources Focc a user log oil after disconnecting Diicornects the user I me lirr-fl is exceeded iscornecta the user sftenhe aniojnt of de Sine is acreersd Each session that you log on to...

What Is the Performance Console

The Pe rfo rma n ce con so le contai lis System Monitorand Performance Logs and Alerts You can oollecL and view real-time data of a local computer or several remote computers You can create graphs, histograms, and performance counter data Provides logging and alert capabilities Defines seHings ioi counter logs, trace logs., and alerts Introduction Windows Server 2003 provides the following tools as part of the Performance console for monitoring resource usage on your computer Performance Logs...

What Is an Organizational Unit

Allows you to delegate administrative control Sim p I ifrfis t he man ageme nt of co m m only g rou ped resource Definition An organizational unit is a particularly useful type of Active Directory object contained in a domain. Organizational units are useful, because you can use them to organize hundreds of thousands of objects in the directory into manageable units. You use an organizational unit to group and organize objects for administrative purposes, such as delegating administrative...

Lesson Installing and Configuring Software Update Services

Wiiat Are Software Update Services Server Distribution Points Server Requirements for Software Update Services How to Install and Configure Software Update Services Guidelines for Testing Content for a Software Update Services Environment Introduction Software Update Services consists of both client-side and server-side components to provide a basic solution to critical patch management. This lesson explains how to install and configure the client-side and server-side components of Software...