Resetting the User Account Password

It happens more than any administrator wants to talk about resetting user passwords. In some organizations with particularly challenging password complexity requirements, this can become a burden on network administrators. Even in those organizations where the password policies are not nearly as stringent, users will still forget their passwords. Additionally, the network administrator will oftentimes need to reset the password on an expired or locked out user account. Fortunately, you can you...

The Debug Logging

The Debug Logging tab, as seen in Figure 6.26, provides advanced logging options that are disabled by default but can be used by a network administrator to troubleshoot and debug the DNS server's operation. The default configuration once Debug Logging has been enabled is also seen in Figure 6.26. Interfaces Forwarders Advanced ) Root Hints Debug Logging Event Logging Monitoring by the DNS server to a log file. Debug logging is disabled by default. 7y,g packets for debugging F Outgoing 5e ect at...

Introduction to Security Templates

Although Windows Server 2003 is more secure than any previous version, network administrators are in no way relieved of the requirement to implement a security solution that is specific to the needs of and the threats faced by their network. Using security templates, the administrator can customize the security settings of their servers and workstations to meet these requirements. The preconfigured security templates provided with Windows Server 2003 can be thought of in one of two ways they...

Introducing and Planning the DNS Service

DNS is at the heart ofWindows Server 2003. Therefore, this chapter begins with a discussion of how DNS works and what exactly it does for networks. Subsequent sections cover the installation and configuration of a Windows Server 2003 DNS server. Back in the early days of connected computing, the Internet was known as the ARPANET.The total number of hosts on the entire ARPANET was less than 100, and a master list of server names and their respective IP addresses was maintained in a file called...

Configuring Forward Lookup Zone Options

After locating the correct forward lookup zone, its Properties dialog box can be opened by right-clicking on the zone and selecting Properties from the context menu. The forward_lookup_zone_name Properties box opens to the General tab, as seen in Figure 6.30. The General tab, as seen in Figure 6.30, contains an assortment of basic options that a network administrator may wish to configure for their zones. Figure 6.30 The Forward Lookup Zone General Tab The following actions can be performed...

Advanced Terminal Server Configuration via Group Policy

Although the Terminal Services Configuration console can be used to implement basic Terminal Services settings, using Group Policy may yield better results while providing a wealth of additional configuration options. Terminal Services options are located in both the Computer Configuration and User Configuration sections of a Group Policy Object (GPO). The Terminal Services node of the Computer Configuration section of a GPO, as seen in Figure 2.28, has several advanced configuration options...

Determining Zone Type Requirements

The next crucial pieces of the overall DNS puzzle are the concepts of zones of authority (zones) and zone transfers. A zone of authority (zone) is a file that contains the complete information on a portion of a domain namespace it is a subset of a domain. One name server (or multiple servers when DNS is Active Directory-integrated) is authoritative for every zone and will respond to any request that a client makes for name resolution against that zone. So, in looking at the DNS name...

Configuring Automatic Updates via Group Policy

Click Start Programs Administrative Tools Active Directory Users and Computers to open the Active Directory Users and Computers console. 2. Depending on the size and organization of your network, you may want to apply the Automatic Updates settings at the domain level or to one or more specific OUs. For this example, we will be configuring the settings at the domain level. 3. Right-click on the domain node and select Properties to open the domain Properties dialog box. Switch to the Group...

Chapter Managing and Maintaining Web Servers

You have created a commercial Web site with sensitive business information.Your senior architect has advised you to use Advanced Digest authentication to maximize security benefits on IIS 6.0.You have been doing research on Advanced Digest authentication. What is an incorrect piece of information you came across in your research A. It uses Active Directory to store user credentials B. It only works with HTTP 1.1 enabled browsers C. It will work with Internet Explorer 4.0 with JavaScript 1.3...

Dsmod computer

The dsmod computer command is used modify the properties of one or more existing computers in Active Directory and uses the following syntax dsmod computer ComputerDN -desc Description -loc Location -disabled yes no -reset -s Server -d Domain -u UserName -p Password * -c -q -uc -uco -uci Table A.7 details the parameters associated with the dsmod computer command. Table A.7 dsmod computer Parameters Switch Function ComputerDN Specifies the distinguished name of the modified object or objects....

Test Day Tip

While you should not be tested directly on your ability to remember all of these security options, you should at least be familiar with them and their general usage. You should also know where they are located. Table 7.10 Local Policies Options - Security Options Node Accounts Administrator account status Accounts Limit local use of blank passwords to console logon only Accounts Rename administrator account Audit Audit the access of global system objects Audit Audit use of Backup and Restore...

Exam Objectives Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the Exam Objectives presented in this chapter, and to assist you with real-life implementation of these concepts. You will also gain access to thousands of other FAQs at ITFAQnet.com. Q I have developed a disaster recovery plan, but I am not completely certain that the plans and procedures will be effective during a disaster. How can I be sure A Perform dry runs of...

Dnscmd recordadd

The dnscmd recordadd command is used to add a record to the specified zone has the following syntax dnscmd ServerName recordadd ZoneName NodeName RRType RRData Table A.47 details the parameters associated with the dnscmd recordadd command. Table A.47 dnscmd recordadd Parameters Specifies the type of record to add. The dnscmd recorddelete command is used to add a delete a record from the specified zone has the following syntax dnscmd ServerName recorddelete ZoneName NodeName RRType RRData f...

Dsmod contact

The dsmod contact command is used modify the properties of one or more existing contacts in Active Directory and uses the following syntax dsmod contact ContactDN -fn FirstName -mi Initial -ln LastName -display DisplayName -desc Description -office Office -tel PhoneNumber -email E-mail -hometel HomePhoneNumber -pager PagerNumber -mobile CellPhoneNumber -fax FaxNumber -iptel IPPhoneNumber -title Title -dept Department -company Company -s Server -d Domain -u UserName -p Password * -c -q -uc -uco...

Deleting User Accounts

Occasionally, user accounts must be deleted, most commonly when a user no longer works for an organization. It is important to delete an inactive user account as soon as possible. For example, company policy might dictate that user accounts are to be disabled starting the day a user leaves the company. After 45 days if the user has not returned to the company, the user account is deleted to prevent its misuse. Exercise 1.17 outlines the process to delete a user using Active Directory Users and...

Dsget user

The dsget user command is used display the properties of a specified group in Active Directory and has two possible variations in usage. The first allows you to view the properties for multiple users, while the second allows you to view the group membership information for a single user. The dsget user command uses the following syntax dsget user UserDN -dn -samid -sid -upn -fn -mi -ln -display -empid -desc -office -tel -email -hometel -pager -mobile -fax -iptel -webpg -title -dept -company...

Dnscmd directorypartitioninfo

The dnscmd directorypartitioninfo command is used to display information about a DNS application directory partition and uses the following syntax dnscmd ServerName directorypartitioninfo FQDNofDP detail Table A.43 details the parameters associated with the dnscmd directorypartitioninfo command. Table A.43 dnscmd directorypartitioninfo Parameters Switch Function FQDNofDP Specifies the DNS application partition FQDN. detail Displays all information about the partition.

Dnscmd nodedelete

The dnscmd nodelete command is used to delete all records on a specified server and uses the following syntax dnscmd ServerName nodedelete ZoneName NodeName tree f Table A.46 details the parameters associated with the dnscmd nodelete command. Table A.46 dnscmd nodelete Parameters ZoneName Specifies the name of the zone. NodeName Specifies the name of the node. tree Specifies to delete all child records. f Specifies to not display confirmation during the process.

Configuring User Account Properties

When user accounts are created using the Active Directory Users and Computers console or using the minimum required command syntax of the dsadd command, many user attributes and information items still need to be configured. Most of these items can be configured using the dsadd command at the time of account creation, or the dsmod command after the fact. The following sections examine the configuration process entirely from the Active Directory Users and Computers console. Within Active...

Dsadd user

The dsadd user command is used to add a single user object to Active Directory and uses the following syntax dsadd user UserDN -samid SAMName -upn UPN -fn FirstName -mi Initial -ln LastName -display DisplayName -empid EmployeelD -pwd Password * -desc Description -memberof Group -office Office -tel PhoneNumber -email E-mail -hometel HomePhoneNumber -pager PagerNumber -mobile CellPhoneNumber -fax FaxNumber -iptel IPPhoneNumber -webpg WebPage -title Title -dept Department -company Company -mgr...

Dnscmd config

The dnscmd config command is used to change values in the registry for a DNS server and its zones and uses the following syntax dnscmd ServerName config ServerOption Value ZoneOption Value Experienced administrators should only perform direct editing of the Registry. Before editing, always backup the Registry. Table A.40 details the parameters associated with the dnscmd config command at the server level.While Table A.41 details the parameters associated with the dnscmd config command at the...

Configuring Automatic Updates in the Registry

Open the Registry Editor by clicking Start Run, typing regedt32, and clicking OK. The Registry Editor, as seen in Figure 8.18, opens. Figure 8.18 The Registry Editor Window Figure 8.18 The Registry Editor Window 2. Expand the keys to reach the following key dowsUpdate, as seen in Figure 8.19. If the WindowsUpdate key does not exist, you must create it by right-clicking on the Windows key and selecting New Key from the context menu. Name the key WindowsUpdate. Figure 8.19 Locating the Windows...

Chapter Managing and Maintaining Terminal Server Access

The Need for Terminal Services A Survey of Computing Environments 1. Jim is the systems administrator for NVC Corporation, the makers of world famous widgets. NVC Corporation has 20 Windows Server 2003 servers and 200 Windows XP Professional and Windows 2000 Professional client workstations. Management would like to deploy services to three new remotes sites. The need is to deploy a single application to five remote users at each site. Jim has been tasked with designing a brand new Terminal...

Chapter Overview of Windows Server

You are an assistant network administrator for Billy's Jeans, Inc.You have been tasked with creating three new groups, one for each of the following divisions Sales, Marketing, and Production. The Sales group is to be configured with permissions required to access a shared network folder named Sales. The Marketing group is to be configured only for e-mail distribution to its members. The Production group is to be configured for both e-mail distribution and with the required permissions to...

Configuring Registry Security

Navigate to the Registry node of your Security Configuration and Analysis snap-in or the Restricted Groups node in the Group Policy Editor, Domain Security Policy console, or Local Security console. 2. Right-click Registry and choose Add Key from the context menu. You will see the Select Registry Key dialog box shown in Figure 7.29. Figure 7.29 The Select Registry Key Dialog Box Figure 7.29 The Select Registry Key Dialog Box 3. Navigate to the key that you want to secure. In this example, we...

Note

The ability to transfer audio is one of the important differences between the Remote Desktop Connection client and the older Windows 2000 Terminal Server client. The next setting on the Local Resources tab relates to whether keyboard shortcut combinations are used by the local operating system or the Remote Desktop window. There are three possible settings for keyboard shortcut combinations In full screen mode only In this mode (which is the default), when you use a shortcut combination, the...

Dnscmd enumrecords

The dnscmd enumrecords command is used to list resource records in a specified DNS zone and uses the following syntax dnscmd ServerName enumrecords ZoneName NodeName type RRType RRData authority glue additional node child startchild ChildName continue detail Table A.44 details the parameters associated with the dnscmd enumrecords command. Table A.44 dnscmd enumrecords Parameters Table A.44 dnscmd enumrecords Parameters Specifies the type of record and type of data. Specifies to include...

Wins

clear Specifies to reset the specified statistic. The dnscmd unenlistdirectorypartition command is used to remove the specified server from the specified directory partition replica set and uses the following syntax dnscmd ServerName unenlistdirectorypartition FQDNofDP The FQDNofDP placeholder specifies the FQDN of the DNS application partition. The dnscmd writebackfiles command is used to commit any changes being held in memory to the zone file and uses theand uses the following syntax dnscmd...