Chapter 10 Windows Server 2003 Part I
-
Upload
rajesh-rengaraj -
Transcript of Chapter 10 Windows Server 2003 Part I
-
8/4/2019 Chapter 10 Windows Server 2003 Part I
Chapter 10
Networking With Windows
-
Why Microsoft
  Market Leader
  GUI
  Tools in the Box
  Support
  History
    1985 MS Net
    1993 NT 3.1
    1995 NT 3.51
    1996 NT 4.0
    2000 Win 2000
    2003 Server 2003
    Longhorn
    Blackcomb
-
Goals
  To ensure that network resources such as files, folders, and printers are available to users
  To secure the network so that available resources are only accessible to users who have been granted the proper permissions
-
Windows Server 2003 Editions
  Multiple versions of Windows Server 2003 exist
  Each version is defined to meet the need of a certain market segment
  Versions include:
    Standard Edition
    Enterprise Edition
    Datacenter Edition
    Web Edition
-
Standard Edition
  Designed for everyday needs of small to medium businesses or as a departmental server for larger organizations
  Provides file and print services, secure Internet connectivity, centralized management of network resources
  Logical upgrade path for Windows 2000 Server
  Can be used as a domain controller, member server, or standalone server
-
Standard Edition (continued)
-
Enterprise Edition
  Generally used for medium to large businesses
  Designed for organizations that require better performance, reliability, and availability than Standard Edition provides
  Provides support for mission-critical applications
  Available in both 32 and 64-bit editions
-
Enterprise Edition (continued)
-
Enterprise Edition (continued)
-
Datacenter Edition
  Designed for mission-critical applications, very large databases, and information access that requires the highest levels of availability
  Can only be obtained from Original Equipment Manufacturers (OEMs)
-
Datacenter Edition (continued)
-
Web Edition
  Lower-cost edition
  Designed for hosting and deploying Web services and applications
  Meant for small to large companies or departments that develop and/or deploy Web services
  Can only be obtained from Original Equipment Manufacturers (OEMs)
-
Web Edition (continued)
-
Windows 2000/2003 Architecture
-
Two Different Operating Modes
  [Diagram] User Mode: OS/2 Application, Virtual DOS Machine (VDM), Win32 Application, POSIX Application, Logon Process, OS/2 Subsystem, Win32 Subsystem, POSIX Subsystem, Security Subsystem
  [Diagram] Kernel Mode: Executive Services
-
The Intel Memory Model
  [Diagram] Ring 0 (Executive Services), Ring 1, Ring 2, Ring 3; Kernel Mode; User Mode; Apps
  Win2K Operating System Executive Services always operate in Ring 0
  Executive Services cannot be paged out to Virtual Memory (Hard Disk)
  User Mode Applications run through Application Programming Interfaces (APIs) to request services from Executive Services
-
Architectural Layers
  User mode
    Processes protected by the OS
    No direct access to hardware
  Kernel mode
    Processes protected by the CPU
    Direct access to all hardware and memory
-
User Mode
  Environment subsystems
    Provides APIs for
      CSRSS.EXE - Windows 32bit Applications
      OS/2 DOS 16bit Applications
      Unix compatible Applications
  Integral subsystems
    Security
      Tracking user rights and permissions
      Login authentication
-
Kernel Mode
  Executive
    Manages all I/O
    Communications between clients and servers
      LPC Local Procedure Call
      RPC Remote Procedure Call
    VMM
  Hardware Abstraction Layer (HAL)
    Library of hardware routines
    Makes OS portable
  Kernel-mode drivers
    Device drivers: programs that control devices
    WDM - Windows Driver Model
      Support of Windows 98/ME
-
The FAT File System
  File Allocation Table (FAT)
    File location and Attributes
    Two copies of the FAT are stored on the volume.
  FAT16
    DOS thru Windows Server 2003
  FAT32 (VFAT)
    Windows 95 OSR2 and above
  You can move or copy files between FAT and NTFS volumes.
-
The FAT16 File System
  Supports up to 2TB
  Limited to 4 partitions
    4 primary or
    3 primary and 1 extended
  Limited to 4Gb
  Maximum file size 2GB
  Short file names 8.3
-
Structure FAT16 Disk
  Basically the directory
    Name
    Attribute
    Create date
    Modified date
    Starting Cluster
    File size
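
The directory fields listed on this slide map onto the 32-byte FAT directory entry. The Python sketch below is an added example, not part of the original slides: it decodes one entry, including the deleted-file marker that matters when recovering files during forensic analysis. The sample bytes and the helper names (parse_entry, dos_datetime, pack_dos) are constructed for illustration.

```python
import struct
from datetime import datetime

# Attribute bits held in byte 11 of each 32-byte FAT directory entry.
ATTR_BITS = {0x01: "read-only", 0x02: "hidden", 0x04: "system",
             0x08: "volume-label", 0x10: "directory", 0x20: "archive"}
ENTRY = struct.Struct("<8s3sBBB7HI")  # little-endian, exactly 32 bytes


def dos_datetime(date, time=0):
    """Decode the packed FAT date/time words; None if unset or invalid."""
    try:
        return datetime(1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
                        time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)
    except ValueError:
        return None


def parse_entry(raw):
    """Parse one directory entry. Returns None at the end-of-directory marker."""
    if len(raw) != ENTRY.size:
        raise ValueError("a FAT directory entry is exactly 32 bytes")
    if raw[0] == 0x00:                      # 0x00: no entries follow
        return None
    (name, ext, attr, _nt, _tenths, ctime, cdate, _adate,
     _hi, wtime, wdate, cluster, size) = ENTRY.unpack(raw)
    if attr & 0x0F == 0x0F:                 # VFAT long-file-name slot, not a file
        return {"kind": "lfn"}
    deleted = raw[0] == 0xE5                # first name byte overwritten on delete
    if deleted:
        name = b"?" + name[1:]
    elif raw[0] == 0x05:                    # escape for a real leading 0xE5
        name = b"\xe5" + name[1:]
    base = name.decode("cp437").rstrip()
    suffix = ext.decode("cp437").rstrip()
    return {
        "kind": "8.3",
        "name": base + ("." + suffix if suffix else ""),
        "deleted": deleted,
        "attributes": [label for bit, label in ATTR_BITS.items() if attr & bit],
        "created": dos_datetime(cdate, ctime),
        "modified": dos_datetime(wdate, wtime),
        "start_cluster": cluster,
        "size": size,
    }


def pack_dos(dt):
    """Inverse of dos_datetime, used only to build the constructed sample."""
    return (((dt.year - 1980) << 9) | (dt.month << 5) | dt.day,
            (dt.hour << 11) | (dt.minute << 5) | (dt.second // 2))


# Constructed sample entry (not taken from a real volume).
_cd, _ct = pack_dos(datetime(2003, 4, 24, 10, 30, 0))
_wd, _wt = pack_dos(datetime(2003, 5, 1, 9, 15, 42))
SAMPLE = ENTRY.pack(b"REPORT  ", b"TXT", 0x20, 0, 0, _ct, _cd, _cd, 0, _wt, _wd, 5, 1234)
DELETED_SAMPLE = b"\xe5" + SAMPLE[1:]

if __name__ == "__main__":
    for raw in (SAMPLE, DELETED_SAMPLE):
        print(parse_entry(raw))
```

A deleted entry keeps its attribute, dates, starting cluster and size; only the first byte of the name is lost, which is why the parser reports it as "?".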
-
FAT32 (VFAT)
  FAT32 supports partitions larger than those handled by FAT16.
    2047 GB theoretical
    Win2K+ limit 32GB
  Maximum file size 4 GB
  Supports long file names 255 characters
-
FAT32 Partition Structure
-
NTFS
  Supported by Windows NT and above
  Partition size up to 2TB
  Supports up to 2^64 bytes - 16 exabytes
  Maximum file size limited by volume size
  Supports long file names 255 characters
  Compression
  Encryption
  Enhanced Security
  Journaling
-
Introduction to NTFS
  Should try to format Windows 2000 partitions with NTFS
    Guarantees the consistency of the volume by using standard transaction logging and recovery techniques
    Supports all Windows 2000 operating system features
    Allows you to set local permissions on files and folders that specify which groups and users have access to them
-
CD and DVD Support
  CDROM File System (CDFS)
    Uppercase 32 character names
    8 level directory tree
  Universal Disk Format (UDF)
    Logical/Physical sector size same for entire volume
    Block size should be set to logical sector size
    Physical sector size same for all media in volume set
    DVD support
-
Basic vs Dynamic
  Basic storage
    Industry standard
    Contains partitions, extended partitions, & logical drives
    Default for new disk added to Win2k
    Backward compatible with WinNT
  Dynamic storage
    Win2K feature
    Single partition includes entire disk
    Disk is divided into volumes
      May span multiple physical disks
      Can resize as needed
    Upgrade a basic disk to a dynamic disk
-
Storage Types
-
Disk Management Snap-In
-
Windows Networking Concepts
  Two different security models used in Windows environments
    Workgroup
    Domain
  Three roles for a Windows Server 2003 system in a network
    Standalone server
    Member server
    Domain controller
-
Workgroups
  A workgroup is a logical group of computers
  Characterized by a decentralized security and administration model
  Authentication provided by a local account database: Security Accounts Manager (SAM)
  Limitations
    Users need unique accounts on each workstation
    Users manage their own accounts (security issues)
    Not very scalable
-
Workgroups (cont)
  Peer to Peer connections emphasized
  Each machine must have a user database
  Machines can connect in the network without security if the Guest Account is active without a password.
-
Domains
  Must have at least one Win2000 Server to define domain.
  Centralized Administration of Accounts & Security
  One Account, One Logon, One Password
  Domain not reliant on physical factors
  One security policy for entire domain
-
Differences between Domains
  Windows NT 4.0 Servers
    Must have a Master computer acting as the Primary Domain Controller
    Can have secondary computers acting as Backup Domain Controllers
    Once Server is established as a Domain Controller, it cannot be shifted to another Domain
    Domains are limited to 40,000 entries (i.e. Users, Groups, etc.)
-
Differences between Domains
  Windows 2000+ Servers
    Domain controller(s) maintain the Active Directory data store
    Domain controllers can shift between domains
    Windows 2000 Domains do not have the limitation on entries that NT 4.0 Domains experience.
-
Domains
  A domain is a logical group of computers
  Characterized by centralized authentication and administration
  Authentication provided through centralized Active Directory
  Active Directory database can be physically distributed across domain controllers
  Requires at least one system configured as a domain controller
-
Member Servers
  A member server
    Has an account in a domain
    Is not configured as a domain controller
    Typically used for file, print, application, and host network services
  All 4 Windows Server 2003 Editions can be configured as member servers
-
Windows Networking Concepts
  Two different security models used in Windows environments
    Workgroup
    Domain
  Three roles for a Windows Server 2003 system in a network
    Standalone server
    Member server
    Domain controller
-
Domain Controllers
  Explicitly configured to store a copy of Active Directory
  Service user authentication requests
  Service queries about domain objects
  May be a dedicated server but is not required to be
-
Windows NT
  Primary Domain Controller (PDC)
    Read/Write copy of SAM
  Backup Domain Controller (BDC)
    Read only replica copy of SAM
  Trust relationships explicitly set up
    Not transitive
-
NT Domains
  NT uses the concept of a domain to manage global access rights within groups.
  A domain is a group of machines running NT server that share a common security policy and user database.
  NT provides four domain models to manage multiple domains within a single organization.
    Single domain model, domains are isolated.
    Master domain model, one of the domains is designated the master domain.
    Multiple master domain model, there is more than one master domain, and they all trust each other.
    Multiple trust model, there is no master domain. All domains manage their own users, but they also all trust each other.
-
Single domain model
  Simplest Windows NT domain model
  One domain that services every user and resource
-
Master domain model
  Uses a single domain to exert control over user account information
  Separate resource domains manage resources such as networked printers
-
What's Next
  Active Directory