Chapter 10 Windows Server 2003 Part I


  • 8/4/2019 Chapter 10 Windows Server 2003 Part I

    Chapter 10

    Networking With Windows

    Why Microsoft

      • Market Leader
      • GUI
      • Tools in the Box
      • Support
      • History
        • 1985 MS Net
        • 1993 NT 3.1
        • 1995 NT 3.51
        • 1996 NT 4.0
        • 2000 Win 2000
        • 2003 Server 2003
        • Longhorn
        • Blackcomb

    Goals

      • To ensure that network resources such as files, folders, and printers are available to users
      • To secure the network so that available resources are only accessible to users who have been granted the proper permissions

    Windows Server 2003 Editions

      • Multiple versions of Windows Server 2003 exist
      • Each version is defined to meet the need of a certain market segment
      • Versions Include:
        • Standard Edition
        • Enterprise Edition
        • Datacenter Edition
        • Web Edition

    Standard Edition

      • Designed for everyday needs of small to medium businesses or as a departmental server for larger organizations
      • Provides file and print services, secure Internet connectivity, centralized management of network resources
      • Logical upgrade path for Windows 2000 Server
      • Can be used as a domain controller, member server, or standalone server


    Enterprise Edition

      • Generally used for medium to large businesses
      • Designed for organizations that require better performance, reliability, and availability than Standard Edition provides
      • Provides support for mission-critical applications
      • Available in both 32 and 64-bit editions


    Datacenter Edition

      • Designed for mission-critical applications, very large databases, and information access that requires the highest levels of availability
      • Can only be obtained from Original Equipment Manufacturers (OEMs)


    Web Edition

      • Lower-cost edition
      • Designed for hosting and deploying Web services and applications
      • Meant for small to large companies or departments that develop and/or deploy Web services
      • Can only be obtained from Original Equipment Manufacturers (OEMs)


    Windows 2000/2003 Architecture

    Two Different Operating Modes

    [Diagram labels]
      • User Mode: OS/2 Application, Virtual DOS Machine (VDM), Win32 Application, POSIX Application, Logon Process; OS/2 Subsystem, Win32 Subsystem, POSIX Subsystem, Security Subsystem
      • Kernel Mode: Executive Services

    The Intel Memory Model

    [Diagram: Ring 0 (Executive Services, Kernel Mode), Ring 1, Ring 2, Ring 3 (Apps, User Mode)]

      • Win2K Operating System Executive Services always operate in Ring 0
      • Executive Services cannot be paged out to Virtual Memory (Hard Disk)
      • User Mode Applications run through Application Programming Interfaces (APIs) to request services from Executive Services

    Architectural Layers

      • User mode
        • Processes protected by the OS
        • No direct access to hardware
      • Kernel mode
        • Processes protected by the CPU
        • Direct access to all hardware and memory

    User Mode

      • Environment subsystems
        • Provides APIs for
          • CSRSS.EXE - Windows 32bit Applications
          • OS/2 DOS 16bit Applications
          • Unix compatible Applications
      • Integral subsystems
        • Security
          • Tracking user rights and permissions
          • Login authentication

    Kernel Mode

      • Executive
        • Manages all I/O
        • Communications between clients and servers
          • LPC Local Procedure Call
          • RPC Remote Procedure Call
        • VMM
      • Hardware Abstraction Layer (HAL)
        • Library of hardware routines
        • Makes OS portable
      • Kernel-mode drivers
        • Device drivers - programs that control devices
        • WDM - Windows Driver Model
          • Support of Windows 98/ME

    The FAT File System

      • File Allocation Table (FAT)
        • File location and Attributes
        • Two copies of the FAT are stored on the volume.
      • FAT16
        • DOS thru Windows Server 2003
      • FAT32 (VFAT)
        • Windows 95 OSR2 and above
      • You can move or copy files between FAT and NTFS volumes.

    The FAT16 File System

      • Supports up to 2TB
      • Limited to 4 partitions
        • 4 primary or
        • 3 primary and 1 extended
      • Limited to 4Gb
      • Maximum file size 2GB
      • Short file names 8.3

    Structure FAT16 Disk

    Basically the directory:

      • Name
      • Attribute
      • Create date
      • Modified date
      • Starting Cluster
      • File size
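The directory fields listed on the "Structure FAT16 Disk" slide map onto the 32-byte on-disk short-name directory entry. The Python sketch below is an added example, not part of the original slides: it decodes those fields from raw directory bytes and also reports deleted entries (first name byte 0xE5), whose metadata is still readable during forensic review. The sample directory and the helper `build_entry` are constructed for illustration.

```python
import struct
from datetime import datetime

ENTRY_FMT = "<8s3sBBBHHHHHHHI"   # 32-byte short-name directory entry
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)
ATTR_FLAGS = {0x01: "read-only", 0x02: "hidden", 0x04: "system",
              0x08: "volume-label", 0x10: "directory", 0x20: "archive"}
ATTR_LFN = 0x0F                  # VFAT long-file-name slot, not a file


def fat_datetime(date, time):
    """Decode the packed 16-bit FAT date and time fields."""
    try:
        return datetime(1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
                        time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)
    except ValueError:           # zeroed or corrupt timestamp
        return None


def parse_directory(raw):
    """Yield one dict per short-name entry in a raw FAT16 directory."""
    for off in range(0, len(raw) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = raw[off:off + ENTRY_SIZE]
        if entry[0] == 0x00:     # end-of-directory marker
            break
        (name, ext, attr, _nt, _tenths, ctime, cdate, _adate, _hi,
         mtime, mdate, cluster, size) = struct.unpack(ENTRY_FMT, entry)
        if (attr & 0x3F) == ATTR_LFN:
            continue
        deleted = entry[0] == 0xE5   # deletion overwrites the first name byte
        base = name.decode("ascii", "replace").rstrip()
        if deleted:
            base = "?" + base[1:]
        suffix = ext.decode("ascii", "replace").rstrip()
        yield {
            "name": base + ("." + suffix if suffix else ""),
            "deleted": deleted,
            "attributes": [n for bit, n in ATTR_FLAGS.items() if attr & bit],
            "created": fat_datetime(cdate, ctime),
            "modified": fat_datetime(mdate, mtime),
            "start_cluster": cluster,
            "size": size,
        }


def build_entry(name, ext, attr, stamp, cluster, size):
    """Hypothetical helper: pack a constructed entry (created == modified)."""
    d = ((stamp.year - 1980) << 9) | (stamp.month << 5) | stamp.day
    t = (stamp.hour << 11) | (stamp.minute << 5) | (stamp.second // 2)
    return struct.pack(ENTRY_FMT, name.ljust(8), ext.ljust(3), attr,
                       0, 0, t, d, d, 0, t, d, cluster, size)


# Constructed sample: one live file, one deleted hidden file, end marker.
SAMPLE_DIR = (
    build_entry(b"REPORT", b"DOC", 0x20, datetime(2003, 4, 24, 9, 30, 12), 5, 20480)
    + build_entry(b"\xe5ECRET", b"TXT", 0x22, datetime(2003, 5, 1, 17, 5, 0), 9, 312)
    + bytes(ENTRY_SIZE)
)
ENTRIES = list(parse_directory(SAMPLE_DIR))

if __name__ == "__main__":
    for e in ENTRIES:
        print(e)
```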

    FAT32 (VFAT)

      • FAT32 supports partitions larger than those handled by FAT16.
        • 2047 GB theoretical
        • Win2K+ limit 32GB
      • Maximum file size 4 GB
      • Supports long file names 255 characters

    [Figure: FAT32 Partition Structure]

    NTFS

      • Supported by Windows NT and above
      • Partition size up to 2TB
      • Supports up to 2^64 bytes - 16 exabytes
      • Maximum file size limited by volume size
      • Supports long file names 255 characters
      • Compression
      • Encryption
      • Enhanced Security
      • Journaling

    Introduction to NTFS

      • Should try to format Windows 2000 partitions with NTFS
        • Guarantees the consistency of the volume by using standard transaction logging and recovery techniques
        • Supports all Windows 2000 operating system features
        • Allows you to set local permissions on files and folders that specify which groups and users have access to them

    CD and DVD Support

      • CDROM File System (CDFS)
        • Uppercase 32 character names
        • 8 level directory tree
      • Universal Disk Format (UDF)
        • Logical/Physical sector size same for entire volume
        • Block size should be set to logical sector size
        • Physical sector size same for all media in volume set
        • DVD support

    Basic vs Dynamic

      • Basic storage
        • Industry standard
        • Contains partitions, extended partitions, & logical drives
        • Default for new disk added to Win2k
        • Backward compatible with WinNT
      • Dynamic storage
        • Win2K feature
        • Single partition includes entire disk
        • Disk is divided into volumes
          • May span multiple physical disks
          • Can resize as needed
        • Upgrade a basic disk to a dynamic disk

    [Figure: Storage Types]

    [Figure: Disk Management Snap-In]

    Windows Networking Concepts

      • Two different security models used in Windows environments
        • Workgroup
        • Domain
      • Three roles for a Windows Server 2003 system in a network
        • Standalone server
        • Member server
        • Domain controller

    Workgroups

      • A workgroup is a logical group of computers
      • Characterized by a decentralized security and administration model
      • Authentication provided by a local account database, the Security Accounts Manager (SAM)
      • Limitations
        • Users need unique accounts on each workstation
        • Users manage their own accounts (security issues)
        • Not very scalable

    Workgroups (cont)

      • Peer to Peer connections emphasized
      • Each machine must have a user database
      • Machines can connect in the network without security if Guest Account active without password.

    Domains

      • Must have at least one Win2000 Server to define domain.
      • Centralized Administration of Accounts & Security
      • One Account, One Logon, One Password
      • Domain not reliant on physical factors
      • One security policy for entire domain

    Differences between Domains

      • Windows NT 4.0 Servers
        • Must have a Master computer acting as the Primary Domain Controller
        • Can have secondary computers acting as Backup Domain Controllers
        • Once Server is established as a Domain Controller, it cannot be shifted to another Domain
        • Domains are limited to 40,000 entries (i.e. Users, Groups, etc.)

    Differences between Domains

      • Windows 2000+ Servers
        • Domain controller(s) maintain the Active Directory data store
        • Domain controllers can shift between domains
        • Windows 2000 Domains do not have the limitation on entries that NT 4.0 Domains experience.

    Domains

      • A domain is a logical group of computers
      • Characterized by centralized authentication and administration
      • Authentication provided through centralized Active Directory
      • Active Directory database can be physically distributed across domain controllers
      • Requires at least one system configured as a domain controller

    Member Servers

      • A member server
        • Has an account in a domain
        • Is not configured as a domain controller
      • Typically used for file, print, application, and host network services
      • All 4 Windows Server 2003 Editions can be configured as member servers


    Domain Controllers

      • Explicitly configured to store a copy of Active Directory
      • Service user authentication requests
      • Service queries about domain objects
      • May be a dedicated server but is not required to be

    Windows NT

      • Primary Domain Controller (PDC)
        • Read/Write copy of SAM
      • Backup Domain Controller (BDC)
        • Read only replica copy of SAM
      • Trust relationships explicitly set up
        • Not transitive

    NT Domains

      • NT uses the concept of a domain to manage global access rights within groups.
      • A domain is a group of machines running NT server that share a common security policy and user database.
      • NT provides four domain models to manage multiple domains within a single organization.
        • Single domain model, domains are isolated.
        • Master domain model, one of the domains is designated the master domain.
        • Multiple master domain model, there is more than one master domain, and they all trust each other.
        • Multiple trust model, there is no master domain. All domains manage their own users, but they also all trust each other.

    Single domain model

      • Simplest Windows NT domain model
      • One domain that services every user and resource

    Master domain model

      • Uses a single domain to exert control over user account information
      • Separate resource domains manage resources such as networked printers

    What's Next

      • Active Directory