Preventing IIS Installation

You can prevent the installation of IIS on any Windows Server 2003 computer by means of a new group policy. You can apply the policy locally or across the domain. To apply the policy locally, choose Start | Run, type gpedit.msc, and click OK. In the Group Policy Object Editor, expand the Computer Configuration object in the console pane to Administrative Templates | Windows Components | Internet Information Services (see Figure 3-11). The only policy in the details pane is Prevent IIS Installation....

Replmon

Replmon is a graphical tool for monitoring replication between sites. Replmon is installed when you install the Support Tools, as described earlier in the DCDiag section. Running replmon at the command prompt opens the Active Directory Replication Monitor window, shown in Figure 19-4. By right-clicking the root node, you can select a server to monitor. This opens a dialog in which you can define a server to be monitored. Once you make the connection, you can do a variety of tasks: Update the...

NLB Architecture

Network Load Balancing runs as a Windows networking driver, and the operations of the driver are transparent to the TCP/IP stack. All computers in the cluster can be addressed by the cluster's IP address. However, each computer also maintains its own unique, dedicated IP address. Microsoft implemented NLB as a network driver that operates between the network card driver and the IP stack. All members of an NLB cluster must reside on the same IP subnet, so that client requests directed to the...

Enable Auditing for the Computer

On the print server, open the Local Security Settings snap-in, which is available on the Administrative Tools menu. Expand Local Policies in the console pane, and select Audit Policy to display the available audit policies in the details pane.

Delegating Group Policy Management

You can delegate the following Group Policy tasks: managing Group Policy links per Active Directory container; performing Group Policy modeling; reading Group Policy results data; and creating, managing, and editing WMI filters for GPOs. To delegate permissions for linking GPOs to Active Directory containers, click the node in the GPMC console tree and then click the Delegation tab in the right pane of GPMC. Several items are listed here, so right-click the one whose permissions you want to change, and...

Netdiag

Netdiag is another tool located under Support Tools on the installation CD. You can use dcdiag and replmon, mentioned previously in this chapter, to find errors, but you should also be aware of the netdiag tool. Network diagnostics performs several network tests and reports back any errors it finds. Just open a command prompt and type:

    C:\Documents and Settings\Administrator> netdiag
    DNS Host Name: server2003.company.dom
    System info: Windows 2000 Server (Build 3718)
    Processor: x86 Family 6 Model...

Administrative Templates

What most people think about when they hear the term Group Policy are the administrative templates that centrally configure the registry of clients. This extension is where the registry-based administrative templates (.adm files) live in Group Policy. Some 700 unique settings are available through .adm files. Windows Components: These settings allow you to configure operating system components, such as NetMeeting, Internet Explorer, and Terminal Services. System: These settings...

Spooler

The spooler is software (a group of DLLs) that takes care of the chores that must be accomplished when a document is sent to the printer. Those chores include: tracking the printer ports associated with each printer; tracking the configuration of the physical printer, such as memory, trays, and so on; assigning priorities to the print jobs in the queue; sending the print job through a series of software processes that depend on the type of job, the type of data, and the location of the physical...

Computer Configuration

This portion of a GPO contains the settings that configure computers in the Active Directory container that is linked to the GPO. These settings affect all users on that computer. Figure 22-2 shows Computer Configuration opened to reveal all of your configuration options for this node. Note that I chopped the screenshot in half and set the halves side by side so that you can see all the options on a single printed page. Now we'll go through the groups of settings available in Computer...

RIS Client Procedures

The RIS client is the key to loading the operating systems. The first step, which is simple but sometimes overlooked, is changing the boot order for the personal computer or server slated for loading, with the network adapter as the first boot device. Upon reboot, the client will contact the RIS server to request a network service boot. Then the RIS menu will appear upon pressing F12, which provides the options to either install a new operating system or access the RIS tools for maintenance....

Microsoft Network Security Hotfix Checker (HFNETCHK)

HFNETCHK is a command-line utility that allows you to check whether a workstation or server is up to date with all of its security patches. MBSA V1.1, which was released in December 2002, replaces the stand-alone HFNETCHK tool with an equivalent program, Mbsacli.exe. Administrators who are currently using HFNETCHK can get the same information by typing the following command from the folder where MBSA 1.1 was installed: Mbsacli.exe /hf. Mbsacli.exe, the HFNETCHK replacement, can be used to check...

Delegate Administration of an OU

Quite a few administrators have told me that they create OUs solely for the purpose of delegating the work of administering the enterprise. They organize their OUs to match the way the company is organized, and delegate administrative tasks to members of the IT department in a logical fashion. For example, if a company is organized by building floors, the delegated administrator occupies a desk on the appropriate floor. To delegate control of an OU, right-click the OU's object in the console...

Additional Options for Disk Cleanup

The Disk Cleanup dialog has a More Options tab that presents two additional clean-up alternatives. Windows components: Lets you remove optional Windows components that you installed but don't use. Installed programs: Lets you remove programs you've installed but aren't planning to use anymore. Selecting either of the following choices produces the appropriate Windows dialog. Optional Windows Components: Displays the Add or Remove Windows Components dialog that is accessed from the Add or Remove...

Shared Folders

The Shared Folders snap-in lets you keep an eye on connections and resource use, offering information via three subfolders in the console pane. Shares: Open the Shares object to see the shared resources on the computer. The columns in the details pane offer information about each share: the shared resource (a shared directory, named pipe, shared printer, and so forth); the type of network connection (Windows, NetWare, Macintosh); the number of users currently connected to the shared resource; the...

Regedit.exe

The only registry editor in Windows Server 2003 is Regedit.exe; regedt32 is gone. (If you open Start | Run and enter regedt32, Regedit.exe opens.) Most of us who work in the registry frequently have always preferred the interface of Regedit.exe, and only used regedt32 to set security settings. Now, the security settings are available in Regedit.exe, so we won't miss regedt32. Prevent Regedit from Displaying the Last Accessed Key: One thing I dislike about Regedit in Windows Server 2003 (and in...

Installing DNS Using the Manage Your Server Wizard

Here is how you can install DNS from the Manage Your Server Wizard:
1. Once the Manage Your Server Wizard starts, you will see two choices. They are Adding Roles To Your Server and Managing Your Server Roles.
2. Choose Add Or Remove A Role. You will see the Preliminary Steps screen.
3. The Wizard starts scanning your network interfaces.
4. Once this is done, you are offered two choices, Typical Configuration Of First Server, or Custom Configuration. Typical is a turnkey solution that will...

Fonts

Managed object format (MOF) file that can be compiled to provide extended attributes to the common information model repository (CIM) of Windows Management Instrumentation (WMI). Domain rename tool. Used to rename domains that are running in the Windows Server 2003 domain functional level. Windows NT 4 Internet Authentication Service (IAS) Table 2-3. Files on the Windows Server 2003 Media (continued) TTCP.EXE Previously part of Windows Resource Kits, this tool is used to generate raw TCP or UDP...

ARC Path Statements

On x86 computers, there are two structures available for the ARC path: a line that begins with multi() or a line that begins with scsi(). A is the ordinal number for the adapter (the first adapter is 0, which should be the boot adapter). B is disk parameter information, and is used only with the scsi() syntax. C is the ordinal for the disk attached to the adapter. D is the partition number, and the first number is 1 (as opposed to adapters and drives, which begin numbering with 0). The way the A,...

Query for Task Information

You can view a list of tasks by entering schtasks /query at the command line. The resulting display includes all tasks, including those created in the Task Scheduler GUI and by using schtasks.exe at the command line. This is an important difference between the capabilities of schtasks.exe and AT.exe. Increase the power of the query parameter by using the following syntax:
schtasks /query /s ServerName /fo format /nh /v
/s ServerName specifies a remote computer as the target for the command.
/fo format...

Windows Server The Complete Reference

With Rich Benack, Christian Branson, Kenton Gardinier, John Green, David Heinz, Tim Kelly, John Linkous, Christopher McKettrick, Patrick J. Santry, Mitch Tulloch New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Copyright 2003 by The McGraw-Hill Companies, Inc. All rights reserved. Manufactured in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may...

NTLM

NTLM is the authentication protocol for transactions when at least one computer involved in the transaction is running Windows NT 4. Windows Server 2003, like Windows 2000, supports NTLM authentication. It's important to remember that this doesn't just mean it's possible for Windows NT 4 computers to authenticate when accessing a Windows Server 2003 computer; it also works the other way around. Windows Server 2003 supports NTLM in both directions, and therefore will use NTLM when accessing a...

An Overview of Color Management

While it's beyond the scope of this book to enter into a deep and detailed discussion of the color management utilities included in ICM, it seems worthwhile to present an overview so you can decide for yourself whether you need to investigate this feature more fully. ICM uses APIs to configure colors for input and output devices (monitor, scanner, and printer). You can assign color profiles to printers so that users can access those profiles. The color profile has the data needed to send codes...

Note

Windows Server 2003 offers the same LPR functionality as Windows 2000. That doesn't mean you won't need LPR; it just means you won't need it for printing over TCP/IP within the Windows Server 2003 environment. However, you will need LPR to provide printing services in an environment that includes UNIX. LPR protocols permit client applications to send print jobs directly to a print spooler on a print server. The client side of this is called LPR, and the host side is...

NTLM Authentication

Microsoft Windows 9x and Windows NT operating systems cannot use Kerberos, so they use NTLM for authentication in a Windows Server 2003 domain. There are security weaknesses in NTLM that can allow password crackers to decrypt NTLM-protected authentication. To prevent this, NTLM version 2 was developed by Microsoft. Windows 2000 clients and servers, as well as XP, will continue to authenticate with Windows Server 2003 domain controllers using Kerberos regardless of whether NTLM or NTLMv2 is...

ARP

The ARP utility displays the current contents of the system's Address Resolution Protocol cache. This cache contains the MAC addresses and IP addresses of the machines on your local network that have recently been involved in TCP/IP communications. The syntax is:
arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]] [-d InetAddr [IfaceAddr]] [-s InetAddr EtherAddr [IfaceAddr]]
-a [InetAddr] [-N IfaceAddr] lists current ARP cache tables for all interfaces. To display the ARP cache entry for a specific IP...

MPPE

MPPE can encrypt data in PPTP VPN connections. It supports the following encryption schemes: Strong 128-bit encryption for use only within the United States and Canada. To use MPPE, you must use either MS-CHAP or MS-CHAPv2 authentication protocols. Despite popular belief, IPSec is actually a collection of cryptography-based services and protocols. It provides authentication as well as encryption to a VPN connection that uses L2TP. However, L2TP still uses the authentication methods, such as EAP...

Show File Extensions to Avoid Danger

There is one change in the View options you should make for all users and all computers on your network. Deselect the option Hide extensions for known file types. This is a dangerous setting and I've never understood why Microsoft makes it the default setting. This setting probably launches more viruses than we'll ever know about. Even with diligent attention to keeping your antivirus software up to date, you can get a new virus before a detection method is available from your antivirus...

Working with Removable Storage Manager

You'll find some complications inherent in the Windows Server 2003 backup utility if you back up to tape devices. The need to manage tape media with the Removable Storage Manager (RSM) and the media pool has made backing up to tape more complex. If you're migrating from Windows NT 4, especially if you used batch files to back up, you're probably going to have mixed emotions about the new features in the backup utility. For many organizations, tapes used to be merely another media form, and...

NTFS Permissions vs Share Permissions

When you share a resource (for example, a folder), you can set permissions for the share, even if the volume on which the share resides is formatted with FAT or FAT32. Share permissions apply to any user accessing the share from a remote computer; they're ignored for local users. NTFS permissions, on the other hand, affect every user, whether local or remote. To set share permissions, click the Permissions button on the Sharing tab of the share's Properties dialog. By default, the Permissions...

LMHOSTS

When a NetBIOS broadcast fails, the next alternative is to consult the LMHOSTS file on the local computer. You can see an example in the %systemroot%\system32\drivers\etc folder. Unlike HOSTS files, LMHOSTS files have additional options for name resolution, including but not limited to the following:
#PRE  An entry preceded with this keyword will be preloaded into cache on system startup.
#DOM:domain name  This keyword is needed for domain validation across a router, and for domain browsing, and...

Info

The Add/Edit Port Rule window allows you to assign a port rule to a single virtual cluster, or to all the NIC's clusters. Protocols: Select the specific TCP/IP protocol that the port rule covers (TCP, UDP, or both). The network traffic for the protocol that is named here will be the only traffic that is affected by this rule. All other traffic will be handled using the default filtering mode. Filtering Mode: To specify that multiple hosts in the cluster will handle network traffic...

Port Rules

Port rules help determine the way the cluster traffic is handled for each port, which makes it easier to configure and control clusters. The method by which a port handles network traffic is referred to as its filtering mode. The Port Rules tab, shown in Figure 24-4, displays current port rules. Clicking the Add or Edit button brings up the dialog shown in Figure 24-5, where you can create or modify port rules. You create a port rule by specifying a set of configuration parameters that define...

Joining the Console Session

A server that's enabled for remote desktop can support two remote sessions in addition to the regular (interactive) console session. You can also take over the console session remotely if you have some reason to work exactly as if you were sitting in front of the computer. If you do so, you bump the current interactive user, if one is logged on. If you're running remote desktop 5.2 (or higher), you can perform this action in the GUI, but if you're working with version 5.1, you must use the...

Reg Copy

Use the reg copy command to copy a registry entry to a new location in the local or remote registry. The syntax is:
reg copy \\Machine\SourceKey \\Machine\DestinationKey [/s] [/f]
\\Machine\SourceKey is the computer name and registry path for the source computer. Omit the machine parameter if the source is the local computer.
\\Machine\DestinationKey is the computer name and registry path for the target computer. Omit the machine parameter if the target is the local computer.
/s copies all subkeys beneath the...

Update Security Level

This policy setting specifies whether the computers to which this setting is applied use secure dynamic update or standard dynamic update for registration of DNS records. To enable this setting, select Enable and choose one of the following values. Unsecure Followed By Secure: If this option is chosen, then computers send secure dynamic updates only when nonsecure dynamic updates are refused. Only Unsecure: If this option is chosen, then computers send only nonsecure dynamic updates. Only Secure...

Grouping Taskbar Buttons

The taskbar gets crowded with buttons when you're working with multiple applications, or with multiple documents in an application. Windows Server 2003 offers a new feature, button grouping, that makes it easier to see and use taskbar buttons. As the taskbar becomes more crowded, the button grouping feature changes to accommodate the increased number of buttons. To start, Windows Server 2003 displays adjacent buttons for documents opened by the same application, so you can find (and switch...

Configuring a Custom RRAS Configuration

The last path through the RRAS Setup Wizard allows you to create a custom configuration using any of the available RRAS features. When you use the Custom configuration path through the RRAS Setup Wizard, the wizard installs the RRAS components necessary to support the connection types you request, but does not prompt for any information to set up specific connections; this task is left to your discretion following completion of the wizard. To enable RRAS with a custom configuration: 1. Open...

Set Default Document Priorities

The Advanced tab also has a Priority text box, which represents the default priority level for each document sent to the printer. By default, the priority is 1, which is the lowest priority. You can change the default priority to any number between 1 and 99. Setting a priority level for the documents that arrive at a printer is meaningless. The only way to make priority levels work is to establish multiple virtual printers and set a different priority for each. Print jobs that are sent to the...

Configuring NWLink

After installation is complete, configure the parameters for the NWLink IPX/SPX/NetBIOS Compatible Transport protocol (see Figure 14-2). NWLink Frame Type: The Frame Type parameter defines the way data is formatted as it travels across the network. Servers and workstations cannot communicate with one another over NWLink when they use different frame types. By default, Windows Server 2003 detects the frame type for you. Automatic frame detection configures NWLink to receive only one frame type...

Cnf

Figure A-15. Initial metabase backup files. You can use this backup later to restore IIS to its immediate post-installation state. Note that two files are backed up: The metabase configuration file (Metabase.xml) is backed up as an *.MD1 file. The metabase schema file (Mbschema.xml) is backed up as an *.SC1 file. To manually back up the metabase at any time using IIS Manager, follow these steps: 1. Right-click on the node in IIS...

Free Media Pools

Free media pools hold media that are not currently being used by applications. The media is available for use by any application that needs it. It's assumed that any data on the media is not needed, usually because the data is an old backup and would not be useful for a restore procedure. You can configure RSM to have applications draw media from the Free media pool automatically, whenever an application runs out of media in its own pool. If you don't configure automatic draws from the Free...

Lms

Use one of the following basic share permissions or create custom share and folder permissions. All users have read-only access. Administrators have full access; other users have read-only access. Administrators have full access; other users have read and write access. Use custom share and folder permissions. Permissions you set on this page only control access to the share; you might also want to set permissions on individual files and folders. For more information about permissions, see...

Custom Templates

By default, you have access to more than 700 Group Policy settings. Even so, you might need to create additional policy settings to support a new piece of software your organization has purchased, or if you want to manage registry settings not configurable through existing Group Policy settings. You can perform these tasks three ways. Add administrative templates already in Windows: Some .adm files are available only by adding them using GPOE. Create new Group Policy extensions: Before you do...

Copying a User Account

After you've filled in configuration options for a user, you can copy the user's settings to another, new, username to avoid having to configure the new user from scratch. In the details pane of the Users container, right-click the username you want to use as the source, and choose Copy. The Copy Object-User dialog opens, which is a blank new user dialog. Enter the new user's information and password options as described in the preceding paragraphs. The best way to use the copying feature is to...

Active Directory Users and Computers

Active Directory Users and Computers is your interface for managing Active Directory objects such as users, computers, and groups. To view your install of Active Directory, select Start | Programs | Administrative Tools | Active Directory Users and Computers (see Figure 19-1). Active Directory Users and Computers looks similar to Windows Explorer. It has folder icons and objects contained in the folders. These folders are known as organizational units (OUs) and containers. OUs are the folders with...

Running Programs after Sysprep Is Finished

In addition to providing customized system information, SYSPREP can install software and run programs on target computers after the installation of Windows Server 2003. There are frequently times when you'll want to do this. For example, applications cannot be installed on the master image computer if these programs rely on Certificate Services or Clustering Services or integrate with Active Directory, yet you may want these programs installed automatically immediately after SYSPREP is...

Using Pushd and Popd to Access Remote Computers

The cd command doesn't work with a UNC address, so you can't move to a remote share as easily as you can on your local computer. However, you can use pushd to automatically assign a temporary drive letter to a remote share, and move to that share automatically. Then, you can use popd to remove the temporary drive letter. The following sections on pushd and popd assume that command extensions are enabled for the command processor (the default state of Windows Server 2003). If you disable command...

Changing the Rules for Recovery Console

Feeling hemmed in by the rules and restrictions that are imposed by the Recovery Console? Well, break out and change them. Microsoft has built in an escape hatch if you're ready to step out of the confines prescribed by the default Recovery Console environment. Before you leap, however, take a moment to remember that you're playing around with some very powerful commands, and your playing field is the section of the computer that contains the heart of the operating system. If you widen your...

Installing RIS Images on Client Computers

Once images have been created, the process of actually installing a RIS image to a client computer is fairly simple. If the client computer has a PXE-enabled network adapter, and the client is located on the same network segment as the RIS server, you can simply turn on the computer. Otherwise, if your client computer's NIC doesn't support PXE, you can create a RIS Boot Disk. Remember that the RIS Boot Disk only supports a limited selection of network adapters; if your NIC doesn't support PXE,...

M

The program msinfo32.exe is located in the Program Files\Common Files\Microsoft Shared\MSInfo folder, which, by default, is not in your path. However, you don't have to wend your way through that path to open the program; you can overcome the problem in either of two ways: Enter winmsd at the command prompt. (Winmsd.exe, which appeared in Windows NT, launched the Windows NT diagnostics application. In Windows Server 2003/Windows 2000, winmsd.exe is an application stub that launches msinfo32.exe.)...

Understanding a Subnet

Subnet masking is occasionally more complicated than the examples given thus far. Sometimes the dividing line between the network and the host portions of an IP address does not fall neatly between the octets. A subnet is simply a logical subdivision imposed on a network address for organizational purposes. For example, a large corporation that has a registered class B network address is not likely to assign addresses to its nodes by numbering them consecutively from 0.0 to 255.255. The more...

Activating after the Grace Period

If you don't activate Windows within the grace period, the operating system won't let you log on to the computer. However, Windows won't shut down a running computer, so you'll encounter the problem when you restart the computer. If you restart the computer after the grace period and can't log on, you'll have to restart your computer and boot into Safe Mode Minimum (not Safe Mode with Networking). Then, choose Start | Programs | Activate Windows. If your Internet connection is over your LAN,...

Creating Custom MMC Consoles

Once you complete the Delegation of Control Wizard, the selected groups should then be able to perform administrative tasks. You can create custom Microsoft Management Consoles (MMCs) and then distribute them to the individuals you delegated authority to. By creating custom MMCs, you can customize the administrative interface to the objects so that the delegated administrators only see what they have permission to administer. In the following procedure we will create a custom MMC for displaying...

I

GuiRunOnce works by modifying the HKEY_CURRENT_USER Software registry key, and adding each command to this value. Each command runs synchronously, which means the commands are processed in order, and the next command doesn't execute until its previous command finishes. An important limitation of the GuiRunOnce section is that programs run in the context of the logged-on user. If the user logging on to the server doesn't have the necessary privilege to run a command in the GuiRunOnce section,...

Configuring Internet Connection Sharing

Figure 13-25. Selection custom configuration options

Looking for a simpler way to configure an Internet-connected computer as a router with NAT, in order to share that Internet connection? Internet Connection Sharing (ICS) may be just the ticket. ICS is a simple alternative to RRAS, intended for SOHO. In a simple one-step process, ICS does the following: 1. Reconfigures the IP address of the LAN adapter that connects to the local network to 192.168.0.1, with a subnet mask of 255.255.255.0 (or...

NTFS Master File Table

Instead of a File Allocation Table, NTFS uses a special file called the Master File Table (MFT) to track all the files and directories on a volume. The size of the MFT is dynamic, and is automatically extended when necessary. The MFT is really an array of records, which you can think of as a database of all the files on the system. Each record in the MFT is usually fixed at 1K, and the first 16 records contain information about the volume. These volume-specific records are called the metadata...

Prepopulating a Roaming Profile

Earlier in this chapter, I discussed the fact that you can copy a local profile to the local default user profile, to make the default user profile match the configuration options you'd prefer. You can also copy a local profile to the Profiles folder on the server that's holding user profiles. If the roaming user has a local profile on a workstation, copy that profile to the server. Then, when you enable roaming profiles for the user, and he logs on to the domain from any other computer, his own...

Merging a Registration File

Registration files work by merging the contents of the .reg file with the registry, via Regedit.exe. There are three ways to send the contents of the file to the registry: Double-click the file (the default associated action for a .reg file is merge). Enter Regedit filename.reg at the command line. Choose File | Import from the Regedit menu bar. If you want to run .reg files from the command line in quiet mode, or write batch files that merge .reg files without user intervention, use the Regedit...

Using Cleanmgr.exe

The command-line version of the disk cleanup tool, cleanmgr.exe, offers a number of switches you can use to automate the cleanup process and make it more efficient. (Incidentally, cleanmgr.exe doesn't appear in the command-line reference section of the Windows Server 2003 help files, so you might want to put a bookmark in this page.) Cleanmgr.exe supports the following command-line switches: /d driveletter Selects the drive you want to clean. /sageset:n Displays the Disk Cleanup Settings dialog so...

Creating a Demand Dial Interface

You can also use NAT when connecting to the Internet using the features of dial-up networking. Windows Server 2003 supports demand-dial connections using dial-up modems, ISDN or other supported physical devices, VPN connections, and Point-to-Point Protocol over Ethernet (PPPoE). To configure a demand-dial interface with NAT, begin the process as described in the previous numbered list. In Step 4, select Create a new demand-dial interface to the Routing and Remote Access Server Setup Wizard You...

Windows Settings

Windows Settings are available in the Computer Configuration and User Configuration nodes in GPOE. User Configuration Windows Settings apply to all users regardless of which computer they use. This node also contains five extensions: Remote Installation Services, Scripts (startup, shutdown, logon, and logoff), Security Settings, Folder Redirection, and Internet Explorer Maintenance. Remote Installation Services: You can use Group Policy to control whether the user of a Remote Installation...

Telnet Security

By default, only members of the local Administrators group can connect to the Windows Server 2003 telnet server. When a client connects, the remote user must enter a username and password that is valid on the server, and has administrative permissions. A command window opens and the client user can perform tasks, but cannot use any applications that interact with the desktop. If you create a local group named TelnetClients, any member of that group is also allowed to connect to the telnet...

Preparing the Master Image

Before you can deploy a customized image using SYSPREP, you must prepare a master image that contains the fully configured copy of Windows Server 2003 that will be copied to the target computers. Building a master image is a very detailed process. Because every file and device configuration on the image you are creating will be used on one or more target computers, it's critical that the master image contain the right components, no more, no less. Start by identifying all the Windows Server 2003...

Host Parameters

The Host Parameters tab of the Network Load Balancing Properties dialog offers options that apply to the host in question. This section presents guidelines for configuring this (and every other) host computer in the cluster. Figure 24-3 shows the available Host Parameters configuration options. (Figure 24-3. Each node of an NLB cluster must have a unique Priority, but need not have a dedicated IP address.) Priority (Unique Host ID): The priority ID is this host's priority for handling default...

RIPrep Setup

The RIPrep method allows creation of actual images of servers, desktops, and notebooks. This image is stored by the RIS server in the same directory structure as the Flat Image files. A description is also added to the RIPrep image so that selection is available on the client-based RIS menu. The RIPrep host may contain multiple software or server applications already preloaded and configured and is a much more thorough deployment than just the Flat Image technique. The RIPrep data collection...

TCP Header

The header of a TCP packet is complex, even though it is the same size as the IP header, because it has a great deal to do. The TCP header is carried within the IP header and is read only by the end system receiving the packet. Because the destination system must acknowledge receipt of the transmitted data, TCP is a bidirectional protocol. The same header is used to send data packets in one direction and acknowledgments in the other direction. The TCP header is formatted as follows: Source Port...

Save System Data to a File

You may be asked to save the system information in a file, and then e-mail the file to a support technician (or upload the file to a web site). To accomplish this, choose File | Save and enter a location and filename in the Save As dialog. System information files are saved with the extension .nfo. By default, Windows Server 2003 .nfo files are saved for version 7.0 of System Information. The Save As dialog offers a second file type for version 5.0/6.0 .nfo files. Use this file type if you're...

Overview of the Registry

The registry grew out of a number of control files and databases that existed in previous versions of Windows, traveling a logical road to today's incarnation of the way Windows Server 2003 stores settings. Microsoft Windows 3.1, which was the first widely used version of Windows (especially in business), used three file types to define a computer's hardware and application software for the operating system. Two of the file types were initialization files, which have the extension .ini, and the...

Public Key Infrastructure and Windows Server Authentication

Windows Server 2003 uses certificates for a variety of functions, such as smart card authentication, web server authentication, secure e-mail, Internet Protocol security, and code signing. A certificate is a digital document issued by an authority to vouch for the identity of a certificate holder. It associates a public key with a person, computer, or service that holds its corresponding private key. A certificate generally includes information about the person or system the certificate is...

Broadcast Name Resolution

When NetBIOS names are resolved using broadcasts, it is the responsibility of all registered systems to respond to requests specifying their names. A computer using broadcast name resolution generates the same NAME QUERY REQUEST packet as a WINS client, except the query is broadcast to all the systems on the local subnet. Each system receiving the packet must examine the name for which the IP address is requested. If the packet contains an unrecognized name, it is silently discarded. A computer...

NTFS Compression

NTFS file compression is a built-in function of the file system. You can compress the data on an entire volume, in a specific directory, or in a specific file. To enable compression, open the Properties dialog of a volume, directory, or file, and use the General tab as follows: For a volume, select the option Compress Drive To Save Disk Space. You are asked if you want to apply compression only to the root, or include all the folders. For a folder, click Advanced, and then select the option...

Requirements for Using Group Policy

Back in the days of Windows NT, Windows computers were managed by using system policy or by permanently tattooing the registry of your clients. System policy is based on registry settings set when you use the System Policy Editor, Poledit.exe. (Table 22-2. Windows Server 2003 Group Policy-Related Help Files; surviving entries: secsetconcepts.chm, spolsconcepts.chm, secsettings.chm, Wireless Network (IEEE 802.11) Policies.) From Windows 2000 on, Group Policy added much greater flexibility for management, plus you can...

Understanding the Synchronization Process

As computers running Windows 2000 and later log on to the domain, the Windows time service checks the time on an appropriate computer to determine the target time, which is the time the computer wants to match on its own clock. For DCs, the target time is the time on the authoritative time server. For all other computers, the target time is the time on the authenticating DC. If the target time doesn't match the time on the local clock, the logging-on computer takes the following steps to adjust...

Last Known Good Configuration

Use this option to start Windows Server 2003 with the registry settings that were saved at the last normal shutdown. This option doesn't solve problems caused by missing or corrupt drivers, but it's useful in overcoming problems caused by configuration changes you made in your last session. Those changes are lost, which is usually a good thing. Windows uses the registry to determine, and load, the last known good configuration, which is the configuration that was written to the registry after a...

Transfer the RID Master Role Using the Current Role Holder

To transfer the RID master role while working at the current role holder, follow these steps: 1. Open Active Directory Users and Computers. 2. In the console pane, right-click Active Directory Users and Computers and choose Connect to Domain Controller. 3. Enter the name of the target DC or select it from the list of available domain controllers. 5. In the console pane, right-click Active Directory Users and Computers again, and choose All Tasks | Operations Masters. 6. In the Operations Masters...

Charting Performance with System Monitor

Counter statistics can be monitored in real time with System Monitor. The results of the collected data appear in a histogram bar chart or graph. The graph format is the default format for System Monitor and it produces a chart that looks something like an electrocardiogram used for monitoring a heartbeat. The charting format you choose is determined mainly by personal preference. You may find one format more suitable than others for viewing your system. Figure 25-3. The Performance snap-in...

Compress Old Files

Scroll through the display to find the listing named Compress old files. Disk Cleanup is not offering to remove compressed files; instead, this is an offer to keep older files in a compressed format. Compressing the files uses less disk space. Select the Compress old files listing and click the Options button to specify how many days must have elapsed since the last time you accessed a file in order to qualify the file for compression. File compression is only available for drives that are...

Remote Installation Services

RIS is designed to deploy operating systems and images of operating systems. RIS is enhanced in Windows 2003 by addressing the deployment of Windows 2003/Windows 2000 Server flavors and Windows XP. RIS as provided with Windows 2000 would not image or support the roll-out of Windows 2000 Server products without considerable tweaking. Support for the primary Microsoft Server network operating systems is a huge enhancement for RIS and one that will offer a rapid way to provide base images or flat...

Software Components

Several software components make up server clusters; they fall into two categories: Clustering software: Describes the software components that are required for the server cluster to operate. This software enables communication between nodes, detection of application or node operational status, the transfer of resource operations, and much more. The two main components for clustering software are the Resource Monitor and the Cluster Service. Administrative software: Gives you control and...

Recovery Console Commands

A limited number of commands are available to you when you're working in the Recovery Console. Many of the commands are also available in the standard Windows command console, but most of the time the commands have different parameters or the parameters have a different meaning in the Recovery Console than they do when you're working in Windows. For that reason, it's worth going over the commands and the way their parameters work in the Recovery Console. Attrib: Use the attrib command to change...

Configuring a Router with Network Address Translation

A router with NAT enabled enhances the security of client-to-Internet communications. Normally, all IP packets include the IP address of the computer that created the packet (the source IP address) and port number. A router with NAT enabled will keep track of a packet's true IP address and port, and substitute a fixed public IP address and a port that isn't otherwise used at the router. When the router receives an inbound packet at the public IP address, it uses the port now in the destination...

Adding Items to the Registry

You can add keys or data items to the registry from within Regedit. Most of the time, user-added items are data items within a subkey, but occasionally you need to add a new subkey, and then populate it with data items. 1. Right-click the parent key, and choose New | Key. 2. Name the new key (using the instructions from documentation or support personnel). 1. Right-click its container key, and choose New | &lt;ValueType&gt; (you must know the correct value type of a data item you're adding to the...

Upgrading Windows NT Domains

Before you start upgrading your Windows NT 4 DCs to Windows Server 2003, you need to understand some basic rules: DNS is required (see the next section, "DNS Decisions"). The functional level of your AD (both forest and domain) can be manipulated until you've fully upgraded the enterprise. See the section "Domain and Forest Functionality," later in the chapter. In addition, of course, you must understand and plan your AD hierarchy, which is a vastly different networking paradigm than you experienced in...

File Services for Macintosh

File Services for Macintosh (also called MacFile) lets you designate a directory that can be accessible to Macintosh as well as Windows users. For compatibility reasons, a Macintosh-accessible volume requires NTFS to ensure that filenames are set properly for both environments, and to make sure proper security permissions are invoked. CDFS for CD-ROM drives is also a supported file system that can be used for sharing between platforms. Permissions are always read-only on CDFS drives. To...

Creating MMC Taskpads

Custom consoles are fine for administrative tasks, but they still require some understanding of using an application like Active Directory Users and Computers. There may be instances where you wish to delegate control of an AD object to a nontechnical person. Windows Server 2003 provides a way to create taskpad views for administrative tasks. Custom taskpads allow you to create and expose just the administrative function required for the delegated administrator. The interface is very intuitive...

Installing the NLB Service in the NLB Properties Dialog

Right-click the Local Area Connection icon on which you want to run NLB, and choose Properties. If the computer has multiple NICs, each NIC has its own Local Area Connection icon. In the Properties dialog, Network Load Balancing is listed as a component. Click the check box to place a check mark in it to enable the service (see Figure 24-1). If Network Load Balancing isn't listed in the Properties dialog (which usually means it was specifically uninstalled), click the Install button and choose...

Internet Information Services (IIS)

Copyright 2003 by The McGraw-Hill Companies, Inc. If you're planning to use Windows Server 2003 for hosting web sites and dynamic web applications, you'll find that there have been some significant changes to Internet Information Services (IIS) in the new platform. Version 6 of IIS includes enhancements in the areas of security, reliability, scalability, manageability, and performance. Understanding these changes is important if you want to get the most out of the new...

Windows Server Print Processor

The print processor does the rendering of the print job after it receives the file from the spooler. Rendering means translating all the data in the print job into data that is understood and accepted by the printer. Before passing the job, the spooler checks for the data type. If rendering is necessary, it passes along rendering information to the print processor in addition to the print job. The question of whether or not the job needs processing is dependent upon the data type sent by the...

Using Print Services for UNIX with Windows Printers

When you install Print Services for UNIX on Windows Server 2003/2000 computers, PS-UNIX exposes all local printers as LPR-compatible printers. You can use this feature to access shared Windows printers in some routed networks where NetBIOS name resolution fails to locate the server hosting the printer, or where NetBIOS traffic through the router is disallowed. After you install PS-UNIX on the computer that hosts the printer, you can use PS-UNIX on a remote network to create a UNIX-accessible...

Working with Counter Logs

Counter logs allow you to record system activity or usage statistics for local and remote machines. In addition to starting and stopping the Performance Logs and Alerts service manually, you can also configure the service to start and stop automatically or to log data continuously. You can log data from individual counters or entire objects. This provides the flexibility to keep the amount of data you're logging to a minimum. To begin logging activity using the counter logs, follow these steps...

Seed Routers

A seed router is responsible for broadcasting routing information (such as network addresses) on the segment (this is called seeding the network). Enabling AppleTalk routing on a Windows Server 2003 computer turns that computer into a seed router for Macintosh clients. If you have more than one NIC in the computer, you can seed more than one AppleTalk network. The AppleTalk environment can include different kinds of routers, all of which forward data from one physical network to another which is...

Video Settings

After the first boot, your video settings seem primitive: icons are larger and fuzzier than you'd expect. Even though Windows Server 2003 found your video controller and its driver, it's loading the same low video settings it used during installation. However, the system is smart enough to know this. Within seconds of your first boot, you see the following message: Your computer screen resolution and color depth are currently set to a very low level. You can get a better picture by increasing...

MBSA Scanning Options

MBSA can be used as a free, very limited, vulnerability-assessment tool with the capability to do the following: Scan one or more Windows Server 2003, Windows NT 4, Windows 2000, and Windows XP machines. Check for Windows operating system vulnerabilities. Check for IIS vulnerabilities. Check for SQL Server vulnerabilities. The tool checks for vulnerabilities on each instance of SQL Server that it finds on the computer. Check for weak passwords and common password vulnerabilities. MBSA password...

Configuring RRAS

The Routing and Remote Access Server Setup Wizard abolishes much of the pain that you may have experienced with earlier versions of RAS or RRAS. This wizard holds your hand each step of the way, whether you're configuring an Internet connection server, a remote access server, or a VPN solution. It is important to note here that the following sections on configuring the server assume that you already have installed a modem or other devices used for remote connections. The principles behind...

Windows Server DNS

It's time to talk about the new stuff. There are quite a few differences you will notice in 2003 DNS. Here are the improvements: Round robin update: In DNS, normal behavior is to have a round robin effect when the server is queried for resource records of the same types for the same domain name. If this causes an issue in your environment, it can be adjusted such that round robin will not be used for certain record types. It's done using a registry tweak. Valid Range: any RR type SRV, A, NS...