Windows 2000 Server


EC 324
Managing & Maintaining
A Network
Saturday Mornings
8:00 am (uggh!) - 12:00 pm
Administrative Items
• Course Syllabus
– Description
– Objectives
– Course Text
– Grading
– Supplies needed
• How We Got Here, and Where We’re Going
636-464-6600; 1-888-488-1082
Purpose of Course
To become a successful Technical Project
Manager, one must have an understanding of
how your E-Commerce affects various
components in the corporate environment.
One of the areas that you will most impact is
the Networking Department(s) within that
organization. These areas support and
maintain the systems you create and oversee.
You are their customer; but, your success is
heavily dependent on them.
So???
Throughout this quarter, we will be
looking at the Management of a
Corporate Network environment.
Module 1: Components,
Configuration, Strategic Decisions
Chapter 1: Desktops
Chapter 2: Servers
Chapter 18: Networks
Chapter 14: Centralization & Decentralization
To be covered over Weeks 1 and 2
What is a Network?
A grouping of computer nodes that are
interconnected for the purpose of data
communication.
Why do we Need a Computer Network?
Computer networks are supposed to increase
efficiencies so that resources can be focused
on core business functions.
How do we effectively set up and run a
network?
• We will be using Windows 2000 as
the test O/S for network
administration in this class
• Prior knowledge of NT or 2000 will
not be required, but will help you
– IT students will get to refresh
– Electronics students will become
exposed to concepts in networking
Please ask questions!
Overview of DHCP
• Manual vs. Automatic TCP/IP
Configuration
• DHCP Operation
• The DHCP Lease Generation
Process
• The DHCP Lease Renewal Process
• Requirements for DHCP Servers
and Clients
What is DHCP?
• Dynamic Host Configuration Protocol
• DHCP assigns an IP address to the host when the user logs in. An IP address is like a postal address. It allows one to access information in the network, similar to a key. Based upon your key, you have access to particular files and printers, whether you will merely use them, manage them, or not even see them.
Manual vs. Automatic TCP/IP Configuration
Manual TCP/IP Configuration: Disadvantages
• IP addresses entered manually on each client computer
• Possibility of entering incorrect or invalid IP address
• Incorrect configuration can lead to communication and network problems
• Administrative overload on networks where computers are frequently moved
Automatic TCP/IP Configuration: Advantages
• IP addresses are supplied automatically to client computers
• Ensures that clients always use correct configuration information
• Elimination of common source of network problems
• Client configuration updated automatically to reflect changes in network structure
DHCP Operation
[Diagram: a DHCP server with a DHCP database (IP Address1, IP Address2, IP Address3) supplies IP Address1 and IP Address2 to two DHCP clients, which take their IP configuration from the DHCP server; a non-DHCP client uses a static IP configuration]
The DHCP Lease Generation Process
Between the DHCP client and the DHCP servers:
1 IP Lease Request
2 IP Lease Offer
3 IP Lease Selection
4 IP Lease Acknowledgement
The DHCP Lease Renewal Process
DHCPREQUEST (DHCP Client to DHCP Server)
Source IP Address = 192.168.0.77
Dest. IP Address = 192.168.0.108
Requested IP Address = 192.168.0.77
Hardware Address = 08004....
DHCPACK (DHCP Server to DHCP Client)
Source IP Address = 192.168.0.108
Dest. IP Address = 192.168.0.77
Offered IP Address = 192.168.0.77
Client Hardware Address = 08004...
Subnet Mask = 255.255.255.0
Length of Lease = 8 days
Server Identifier = 192.168.0.108
DHCP Option: Router = 192.168.0.1
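The DHCPACK fields listed for the renewal exchange, parsed from the DHCP wire format and checked against the server and router an administrator expects. This is an added example, not part of the original slides: the MAC address, the transaction ID and the second ACK are constructed, and `AUTHORIZED_SERVERS` and `EXPECTED_ROUTERS` are hypothetical names for the administrator's own lists.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131: marks the start of the options field
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
             5: "DHCPACK", 6: "DHCPNAK"}
ADDRESS_OPTIONS = {1: "subnet_mask", 54: "server_id"}   # options holding one IPv4 address


def ip_text(raw):
    return str(ipaddress.IPv4Address(raw))


def parse_dhcp(packet):
    """Return the header fields and options that the renewal slide lists."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: too short or magic cookie missing")
    hlen = packet[2]
    if hlen > 16:
        raise ValueError("hardware address length exceeds the 16-byte chaddr field")
    msg = {"offered_ip": ip_text(packet[16:20]),         # yiaddr
           "client_hw": packet[28:28 + hlen].hex(),      # chaddr
           "routers": []}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 255:                                   # End option
            return msg
        if code == 0:                                     # Pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("option %d has no length byte" % code)
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past the end of the packet" % code)
        i += 2 + length
        if code == 53 and length == 1:
            msg["type"] = MSG_TYPES.get(value[0], "type-%d" % value[0])
        elif code in ADDRESS_OPTIONS and length == 4:
            msg[ADDRESS_OPTIONS[code]] = ip_text(value)
        elif code == 3 and length and length % 4 == 0:    # Router: one or more addresses
            msg["routers"] = [ip_text(value[j:j + 4]) for j in range(0, length, 4)]
        elif code == 51 and length == 4:                  # Lease time in seconds
            msg["lease_seconds"] = struct.unpack("!I", value)[0]
    raise ValueError("options field is not terminated by an End option")


def check_ack(msg, authorized_servers, expected_routers):
    """Compare a parsed DHCPACK with what the administrator expects to see."""
    findings = []
    if msg.get("type") != "DHCPACK":
        findings.append("message is %s, not DHCPACK" % msg.get("type"))
    if msg.get("server_id") not in authorized_servers:
        findings.append("server identifier %s is not an authorized DHCP server"
                        % msg.get("server_id"))
    for router in msg["routers"]:
        if router not in expected_routers:
            findings.append("router option %s is not an expected gateway" % router)
    return findings


def build_ack(client_ip, server_ip, mask, router, lease_seconds, mac):
    """Construct sample DHCPACK bytes so the example runs offline."""
    packed = lambda addr: ipaddress.IPv4Address(addr).packed
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         2, 1, len(mac), 0,        # op=BOOTREPLY, htype=Ethernet, hlen, hops
                         0x0A0B0C0D, 0, 0,         # xid (constructed), secs, flags
                         packed(client_ip),        # ciaddr: client already holds the lease
                         packed(client_ip),        # yiaddr: the address being confirmed
                         bytes(4), bytes(4),       # siaddr, giaddr unused here
                         mac, b"", b"")            # chaddr, sname, file (zero padded)
    options = (bytes([53, 1, 5]) +
               bytes([1, 4]) + packed(mask) +
               bytes([3, 4]) + packed(router) +
               bytes([51, 4]) + struct.pack("!I", lease_seconds) +
               bytes([54, 4]) + packed(server_ip) +
               bytes([255]))
    return header + MAGIC_COOKIE + options


CONSTRUCTED_MAC = bytes.fromhex("020000000001")   # constructed; the slide truncates the real one
AUTHORIZED_SERVERS = {"192.168.0.108"}            # DHCP server from the slide
EXPECTED_ROUTERS = {"192.168.0.1"}                # Router option from the slide

# The DHCPACK from the slide: 192.168.0.77, mask 255.255.255.0, 8-day lease.
SLIDE_ACK = build_ack("192.168.0.77", "192.168.0.108", "255.255.255.0",
                      "192.168.0.1", 8 * 24 * 3600, CONSTRUCTED_MAC)
# Constructed ACK from a server that is not on the authorized list.
UNEXPECTED_ACK = build_ack("192.168.0.77", "192.168.0.66", "255.255.255.0",
                           "192.168.0.66", 3600, CONSTRUCTED_MAC)

if __name__ == "__main__":
    for label, raw in (("slide", SLIDE_ACK), ("unexpected", UNEXPECTED_ACK)):
        parsed = parse_dhcp(raw)
        print(label, parsed, check_ack(parsed, AUTHORIZED_SERVERS, EXPECTED_ROUTERS))
```

The lease time travels as seconds in option 51, so the slide's 8 days appears on the wire as 691200.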
Requirements for DHCP Servers and Clients
• DHCP Server Requirements (Windows 2000 Server)
– The DHCP service
– Static IP address, subnet mask, default gateway
– Range of valid IP addresses
• DHCP Clients
– Windows 2000 Professional or Windows 2000 Server
– Windows NT Server or Workstation 3.51 or later
– Windows 95 or Windows 98
– Windows for Workgroups 3.11, running TCP/IP-32
– Microsoft Network Client 3.0 for MS-DOS
– LAN Manager 2.2c
– Non-Microsoft operating systems
Installing the DHCP Service
[Screenshot: Networking Services dialog. "To add or remove a component, click the check box. A shaded box means that only part of the component will be installed. To see what’s included in a component, click Details."]
Subcomponents of Networking Services:
– COM Internet Services Proxy
– Domain Name System (DNS)
– Dynamic Host Configuration Protocol (DHCP)
– Internet Authentication Service
– QoS Admission Control Service
– Simple TCP/IP Services
– Site Server LDAP Services
Description: Enables a network connected to the Internet to automatically assign a temporary IP address to a host when the host connects to the network.
Total disk space required: 0.9 MB
Space available on disk: 912.4 MB
Authorizing the DHCP Service
[Diagram: DHCP server, domain controller/DHCP server, and clients]
DHCP Service Checks For Authorization
• If authorized, the service starts properly
• If unauthorized, the service logs an error and will not respond to clients
Creating and Configuring a Scope
• Overview of Scopes
• Using The New Scope Wizard
• Configuring a Scope with Options
• Customizing the Use of Scope Options
• Reserving IP Addresses for Client Computers
Overview of Scopes
[Diagram: a DHCP server with a scope (192.168.1.0, 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4): IP addresses available for lease to client computers]
Using the New Scope Wizard
You use the New Scope Wizard to:
– Configure scope parameters
– Change the default lease duration
– Activate a scope
Configuring a Scope with Options
Scope Options Supported by DHCP Include:
– IP Address of a Router
– IP Address of a DNS Server
– DNS Domain Name
– IP Address of a WINS Server
– Type of NetBIOS over TCP/IP Name Resolution
Customizing the Use of Scope Options
Scope Options
• Server Level
• Scope Level
• Class Level
• Reserved Client Level
Reserving IP Addresses for Client
Computers
[Screenshot: New Reservation dialog. "Provide information for a reserved client."]
Reservation name: Stuttgart Server
IP address: 192.168.1.201
MAC address: 00a024e2b01a
Description: DHCP Reservation for Server
Supported types: Both, DHCP only, BOOTP only
Customizing DHCP Functionality
• Using Option Classes
• Combining Scopes by Using
Superscopes
• Issuing Multicast Addresses by Using
Multicast Scopes
Using Option Classes
• Vendor-defined Classes Manage DHCP Options Identified by Operating System Vendor Type
• User-defined Classes Manage DHCP Options with Common Configuration Requirements
[Diagram: the DHCP server supplies Configuration A, Configuration B and Configuration C to Client1, Client2 and Client3]
Combining Scopes by Using Superscopes
[Diagram: SuperscopeA on the DHCP server combines Scope1 (192.168.1.1 to 192.168.1.254) and Scope2 (192.168.2.1 to 192.168.2.254)]
Configuring DHCP in a Routed
Network
• Routed Network Configuration Options
• Using a DHCP Relay Agent
Routed Network Configuration Options
[Diagram labels: DHCP Client, Broadcast, Non RFC Compliant Router, RFC Compliant Router, DHCP Relay Agent (Windows 2000 Server), DHCP Server]
Using a DHCP Relay Agent
[Diagram: DHCP client on Subnet 1; DHCP relay agent and router between the subnets; DHCP server on Subnet 2]
• DHCP client broadcasts a DHCP message
• DHCP relay agent detects the broadcast and sends the message to the DHCP server
• DHCP relay agent receives the reply from the DHCP server and sends a broadcast
• DHCP client receives the broadcast
Monitoring The DHCP Server Service
When You Enable Logging, the DHCP Server Creates
Log Files Called DhcpSrvLog.xxx. The DHCP Server
Stores These Files in the DHCP Database Directory
Troubleshooting DHCP Database Problems
DHCP Database: stored in systemroot\system32\dhcp
Backup: stored in systemroot\system32\dhcp\backup\jet\new
Removing a DHCP Server from
Service
Before Removing a DHCP Server from Service
• Set short lease durations for clients
• Ensure new lease for clients
• Record any reserved addresses
• Large address pool in other DHCP servers
• Transfer IP address to the new scope
Deploying Windows 2000
Professional by Using
Remote Installation
Services (RIS)
Overview
• RIS Overview
• Installing and Configuring RIS
• Configuring Remote Installation
Options
• Deploying Images by Using RIS
• Creating an RIPrep Image
• Comparing CD-Based Images and
RIPrep Images
• Identifying Solutions to RIS Problems
RIS Overview
[Diagram: a RIS server offers a RIS client computer a choice of operating system images, CD-based or RIPrep: "Operating System Only" and "Marketing Applications"]
RIS lets an administrator set up multiple computers at the same time from a common image, which reduces the time needed to set the computers up and add them to the network.
Installing and Configuring RIS
• Identifying RIS Requirements
• Installing and Starting RIS
• Configuring RIS Security Settings
Identifying RIS Requirements
Network Requirements
• DHCP Server Service
• Active Directory
• DNS Server Service
Server Requirements
• 2 GB Minimum Total Disk Space
• Images Stored on NTFS Partition
Client Requirements
• Windows 2000 Professional Hardware Requirements
• Network Boot Capability
• PXE Boot ROM Version .99c
Installing and Starting RIS
Provide the Setup Wizard with:
• Folder location for images and supporting files
• Initial client support settings
• Location of source files
• Initial image folder name
• Friendly description and Help text
The Setup Wizard Will:
• Create a RIS folder structure
• Copy supporting RIS files to the server
• Create a CD-based image of Windows 2000 Professional
• Start the services required for RIS
Configuring RIS Security Settings
• Authorize the RIS Server (DHCP console)
• Assign User Permissions (Delegation of Control Wizard)
[Screenshot: DHCP console, Manage authorized servers. Risserver7.nwtraders.… is shown with status Not authorized. Authorized DHCP servers: risserver1, 192.168.1.23. In the Authorize DHCP Server dialog ("Type the name or IP address of the DHCP server to authorize."), the name entered is risserver2.]
[Screenshot: Delegation of Control Wizard, Permissions page ("Select the permissions you want to delegate."). Show these permissions: General, Property-specific, Creation/deletion of specific child objects. Permissions: Full Control, Read, Write, Create All Child Objects, Delete All Child Objects, Read All Properties.]
Configuring Remote Installation
Options
• Configuring Client Computer Names
and Locations
• Prestaging Client Computers
• Configuring Client Installation Options
• Configuring Maintenance and
Troubleshooting Utilities
Configuring Client Computer Names & Locations
[Screenshot: risserver2-Remote-Installation-Services Properties, New Clients tab. "Select a computer naming format for new client computers, and set the location in the directory service where client computer accounts will be created."]
Client computer naming format (Generate client computer name using; Customize for custom names):
– First initial, Last name
– Last name, First Initial
– First name, Last Initial
– Last initial, First name
– Username
– NP plus MAC
– Custom
Create the client computer account in the following directory service location:
– Default directory service location
– Same location as that of the user setting up the client computer
– The following directory service location: nwtraders.msft\riscomputers
Prestaging Client Computers
[Screenshot: prestaged computer accounts Computer1 to Computer4, and the computer1 Properties dialog, Remote Install tab. "The following information is used to maintain this computer"]
Computer’s unique ID: {00000000-0000-0000-0000-00500409E77C}
Server: RISSERVER.Nwtraders.msft
If a remote installation server is not specified, the client will boot from any available server.
Configuring Client Installation Options
[Screenshot: Choice Options Properties, Policy tab, Choice Screen Options. "Set the policy for the options available to users during the client installation wizard."]
Each option (Automatic Setup, Custom Setup, Restart Setup, Tools) is set to Allow, Don’t care, or Deny:
• Allow: Option Will Be Available to Users
• Don’t care: Setting Will Be Inherited from Parent Site, Domain, or OU
• Deny: Option Will Not Be Available to Users
Configuring Maintenance & Troubleshooting Utilities
[Screenshot: LONDON-Remote-Installation-Services Properties, Tools tab. "The following maintenance and troubleshooting tools are installed on this remote installation server."]
Description / Platform
– Third-party utility1 Ver 2.00 / i386
– Third-party utility2 Ver 2.00 / i386
– Third-party utility3 Ver 2.00 / i386
• Diagnose Hardware Problems
• Upgrade BIOS
Deploying Images by Using RIS
• Modifying the Installation of a CD-Based Image
• Associating an Answer File with an
Image
• Restricting Images
• Creating a RIS Startup Disk
• Installing an Image on a RIS Client
Computer
Modifying the Installation of a
CD-Based Image
Answer File:
[Unattended]
[section]
parameter = value
[Diagram: the answer file is applied to the CD-based image installed on RIS client computers]
Associating an Answer File with
an Image
[Screenshot: RISServer-Remote-Installation-Services Properties, Images tab. "The following installation images are installed on this remote installation server."]
Description / Platform / Language
– Windows 2000 Professional / i386 / English
– Marketing Applications and OS / i386 / English
[Diagram: *.sif answer files associated with CD-Based and RIPrep Images]
Restricting Images
[Screenshot: answer.sif Properties, Security tab. Names: Everyone; Administrators (NWTRADERS\Admini... Permissions (Allow/Deny): Full Control, Modify, Read & Execute, Read, Write. "Allow inheritable permissions from parent to propagate to this object."]
Set Permissions on Answer Files to Restrict Images to Specified Users or Security Groups
Creating a RIS Startup Disk
[Screenshot: Windows 2000 Remote Boot Disk Generator. Destination drive: Drive A or Drive B]
To create a remote boot disk for use with the Windows 2000 Remote Installation Service, insert a formatted floppy disk into either drive A or drive B, select the destination drive, and then click Create Disk.
The remote boot disk can be used only with computers that contain supported PCI-based network adapters. For a list of supported adapters, click Adapter List.
• Adapter List: View a List of Compatible Network Adapters
• Create Disk: Create a Remote Boot Installation Disk
Installing an Image on a RIS
Client Computer
F12
Client Installation Wizard
Main Menu
Use the arrow keys to select one of the following options:
Automatic Setup
Custom Setup
Restart a Previous Setup Attempt
Maintenance and Troubleshooting
Description: This is the easiest way to install an operating system
on your computer. Most installation options are already configured by
your network administrator.
[Enter] continue
[F1] help
[F3] restart computer
Creating an RIPrep Image
• Setting Up a Source Computer
• Modifying the Default User Profile
• Creating an Image by Using the Remote Installation Preparation Wizard
Setting Up a Source Computer
Install Windows 2000 Professional
Configure Components and Settings
Install and Configure Applications
Test the Operating System and
Application Configurations
Network
User
Security
Desktop
Modifying the Default User Profile
• Configure the Source Computer
• Copy the Administrator Profile to Default User
• Run RIPrep and Create the Image
[Screenshot: Copy To dialog. Copy profile to: C:\Documents and Settings\Default User. Permitted to use: Server1\Administrator]
Creating an Image by Using the Remote Installation Preparation Wizard
[Diagram: source computer; RIPrep image on a RIS server (Operating System Only, Marketing Department); RIS client computer]
• Removes All SIDs and Unique Registry Settings
• Creates the Image on a RIS Server
Comparing CD-Based Images & RIPrep Images
CD-Based Image
.sif
RIPrep Image
Identifying Solutions to RIS
Problems
Error: Client Computers Do Not Get Past the BootP Message
Error: Client Computers Do Not Get Past the DHCP Message
Error: Client Computers Do Not Get Past the BINL Message
Error: Computer Cannot Connect by Using a RIS Boot Disk
Error: You Press F12, but the Computer Cannot Connect to the Server
Error: Expected Installation Options Are Not Available to a User
DNS
Domain Naming Service
Maps FQDNs (Fully Qualified
Domain Names) to IP addresses
www.microsoft.com = 10.10.91.1
Overview of the DNS Query
Process
Query Types
Iterative Query
The DNS server returns the best answer that it can
provide without help from other servers
Recursive Query
The DNS server returns a complete answer to the
query, not a pointer to another DNS server
Lookup Types
Forward Lookup
Requires name-to-address resolution
Reverse Lookup
Requires address-to-name resolution
Installing the DNS Server Service
[Screenshot: Networking Services dialog. "To add or remove a component, click the check box. A shaded box means that only part of the component will be installed. To see what’s included in a component, click Details."]
Subcomponents of Networking Services:
– COM Internet Services Proxy: 0.0 MB
– Domain Name System (DNS): 1.1 MB
– Dynamic Host Configuration Protocol (DHCP): 0.0 MB
– Internet Authentication Service: 0.0 MB
– QoS Admission Control Service: 0.0 MB
– Simple TCP/IP Services: 0.0 MB
– Site Server ILS Services: 1.6 MB
Description: Sets up a DNS server that answers query and update requests for DNS names.
Total disk space required: 0.9 MB
Space available on disk: 1133.3 MB
Configuring Name Resolution for Client Computers
[Screenshot: Internet Protocol (TCP/IP) Properties, General tab. "You can get IP settings assigned automatically if your network supports this capability. Otherwise, you need to ask your network administrator for the appropriate IP settings."]
IP Address Can be Provided by a DHCP Server or Manually Configured
• Obtain an IP address automatically
• Use the following IP address:
– IP address: 192.168.2.15
– Subnet mask: 255.255.255.0
– Default gateway:
• Obtain DNS server address automatically
• Use the following DNS server addresses:
– Preferred DNS server: 192.168.1.2
– Alternate DNS server:
Creating Zones
• Identifying Zone Types
• Examining the Zone File
• Creating Lookup Zones
Identifying Zone Types
[Diagram labels: Standard Zones (Primary Zone, Secondary Zone, Zone Transfer, Change); Active Directory Integrated Zones (Change)]
Examining the Zone File
Resource Records in a Zone File Can Contain a Computer’s
– FQDN
– IP address
– Alias
Records in the zone database file on the DNS server:
@                           NS     casablanca.africa1.nwtraders.msft.
casablanca                  A      192.168.11.1
marrakech                   CNAME  casablanca.africa1.nwtraders.msft.
1.11.168.192.in-addr.arpa.  PTR    casablanca.africa1.nwtraders.msft.
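A consistency check over the four resource records shown above: every A record should have a PTR that names the same host, and every NS, CNAME and PTR target should resolve to an A record. This is an added example, not part of the original slides; it assumes the zone origin is `africa1.nwtraders.msft.` (the slide does not state it), reads the PTR alongside the forward records as the slide lists them, and the two "drifted" records are constructed.

```python
import ipaddress

ORIGIN = "africa1.nwtraders.msft."   # assumption: the slide does not state the zone origin

# The four records from the slide.
SLIDE_RECORDS = """\
@                           NS     casablanca.africa1.nwtraders.msft.
casablanca                  A      192.168.11.1
marrakech                   CNAME  casablanca.africa1.nwtraders.msft.
1.11.168.192.in-addr.arpa.  PTR    casablanca.africa1.nwtraders.msft.
"""

# Constructed drift: an A record with no PTR, and a PTR naming a host with no A record.
DRIFTED_RECORDS = SLIDE_RECORDS + """\
rabat                       A      192.168.11.2
3.11.168.192.in-addr.arpa.  PTR    tangier.africa1.nwtraders.msft.
"""


def fqdn(name, origin=ORIGIN):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else name + "." + origin).lower()


def parse_records(text, origin=ORIGIN):
    """Parse 'owner type data' lines (the simplified form shown on the slide)."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(";", 1)[0].split()        # drop comments and whitespace
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError("line %d: expected 'owner type data'" % lineno)
        owner, rtype, data = fields[0], fields[1].upper(), fields[2]
        if rtype == "A":
            data = str(ipaddress.IPv4Address(data))   # rejects malformed addresses
        elif rtype in ("NS", "CNAME", "PTR"):
            data = fqdn(data, origin)
        else:
            raise ValueError("line %d: unsupported record type %s" % (lineno, rtype))
        records.append((fqdn(owner, origin), rtype, data))
    return records


def ptr_owner_to_ip(owner):
    """Turn '1.11.168.192.in-addr.arpa.' back into '192.168.11.1'."""
    suffix = ".in-addr.arpa."
    if not owner.endswith(suffix):
        raise ValueError("PTR owner %s is not under in-addr.arpa" % owner)
    labels = owner[:-len(suffix)].split(".")
    return str(ipaddress.IPv4Address(".".join(reversed(labels))))


def check_zone(records):
    """Return a list of forward/reverse mismatches and dangling targets."""
    hosts, ptrs, findings = {}, {}, []
    for owner, rtype, data in records:
        if rtype == "A":
            hosts.setdefault(owner, set()).add(data)
        elif rtype == "PTR":
            ptrs[owner] = data
    for name in sorted(hosts):
        for addr in sorted(hosts[name]):
            reverse = ipaddress.ip_address(addr).reverse_pointer + "."
            if reverse not in ptrs:
                findings.append("%s (%s) has no PTR record" % (name, addr))
            elif ptrs[reverse] != name:
                findings.append("%s (%s) has a PTR naming %s" % (name, addr, ptrs[reverse]))
    for owner in sorted(ptrs):
        target = ptrs[owner]
        if ptr_owner_to_ip(owner) not in hosts.get(target, set()):
            findings.append("%s points to %s, which has no matching A record"
                            % (owner, target))
    for owner, rtype, data in records:
        if rtype in ("NS", "CNAME") and data not in hosts:
            findings.append("%s %s target %s has no A record" % (owner, rtype, data))
    return findings


if __name__ == "__main__":
    print(check_zone(parse_records(SLIDE_RECORDS)))
    print(check_zone(parse_records(DRIFTED_RECORDS)))
```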
Creating Lookup Zones
Forward Lookup
– Query to the DNS server: IP address for nwtraders.msft?
– Answer: IP address = 192.168.1.50
Reverse Lookup
– Query to the DNS server: Name for 192.168.1.50?
– Answer: Name = nwtraders.msft
Configuring Zones
• Configuring Standard Zones
• Zone Transfer Process
• Configuring Zone Transfers
• Creating a Subdomain
• Configuring Active Directory Integrated Zones
• Migrating Zones to the Windows 2000 DNS Server service
Configuring Standard Zones
• You can configure a DNS server to host standard primary zones,
standard secondary zones, or any combination of zones
• You can designate a primary server or a secondary server as a master
server for a standard secondary zone
[Diagram: DNS Server A hosts the Primary Zone; DNS Server B and DNS Server C each host a Secondary Zone (Master DNS Server = DNS Server A) and receive zone information]
Zone Transfer Process
A Zone Transfer Is Initiated When
– A master DNS server sends notification of zone changes to the
secondary server or servers
– The secondary server queries a master DNS server for changes
to the zone file
[Diagram: a master DNS server with the primary zone database file and a DNS server with the secondary zone database file; Zone 1 contains nwtraders, training and support]
Configuring Zone Transfers
[Screenshot: nwtraders.msft Properties, Start of Authority (SOA) tab]
Serial number: 28
Primary server: london.contoso.com
Responsible person: admin.
Refresh interval: 15 minutes
Retry interval: 10 minutes
Expires after: 1 days
Minimum [default] TTL: 0 :1 :0 :0
TTL for this record: 0 :1 :0 :0
[Screenshot: nwtraders.msft Properties, Zone Transfers tab]
A zone transfer sends a copy of the zone to requesting servers.
Allow zone transfers:
• To any server
• Only to servers listed on the Name Servers tab
• Only to the following servers (IP address list)
To specify secondary servers to be notified of zone updates, click Notify.
Creating a Subdomain
• Create a Subdomain to Better Organize Your Namespace
• Delegate Authority of a Subdomain To
– Delegate management of portions of the namespace
– Delegate administrative tasks of maintaining one large DNS
database
Root: “.”
Top-Level Domain: com., org., edu., au.
Second-Level Domain: microsoft.com.
Subdomain: training.microsoft.com.
Configuring Active Directory Integrated Zones
Active Directory Integrated Zone Data Is
– Stored as an Active Directory object
– Replicated as part of domain replication
[Diagram: the Active Directory integrated zone nwtraders.msft on the DNS server, stored in Active Directory]
Migrating Zones to the Windows
2000 DNS Server Service
Files in the Windows 2000 DNS Server Service Include:
• Domain_name.dns: The Forward Lookup File That Is Used to Translate Host Names to IP Addresses
• z.y.x.w.in-addr.arpa.dns: The Reverse Lookup File That Is Used to Translate IP Addresses to Host Names
• Cache.dns: Contains the Required Host Information for Resolving Names Outside Authoritative Domains
• Boot: Controls How the DNS Server Service Starts
Configuring DNS for Internal Use
• Configure a Root Zone on a DNS Server When
– Your intranet is not connected to the Internet
– You are using a proxy server to gain access to the Internet
[Diagram, If Your Company Is on the Internet: Internet Root Domain “.” with org., com., edu., au.; com. delegates microsoft.com; records for microsoft.com are on the private network]
[Diagram, If Your Company Is Not on the Internet, or Is Connected to the Internet Through a Proxy Server: Root Domain “.” with org., com., ...; com. delegates microsoft.com; proxy server; private network]
Integrating DNS and DHCP
• Overview of Dynamic Updates
• Configuring Dynamic Updates
• Securing Dynamic Updates
Overview of Dynamic Updates
The DNS Dynamic Update Protocol Allows Clients to Automatically Update DNS Servers
1 Computer1 sends a request for an IP address; the DHCP server assigns IP address 192.168.120.133
2 Dynamic Update: Computer1, 192.168.120.133 is registered in the zone database on the DNS server
Configuring Dynamic Updates
To Configure Dynamic Updates, You Must:
• Configure the DNS Server to Allow Dynamic Updates
• Configure the DHCP Server for Dynamic Updates
• Configure Windows 2000-Based Clients for Dynamic Updates
Securing Dynamic Updates
[Screenshot: nwtraders.msft. Properties, General tab, for an Active Directory integrated zone. Status: Running. Type: Active Directory-integrated. "Data is stored in Active Directory." Allow dynamic updates? Only secure updates. "To set aging/scavenging properties, click Aging."]
Secure Dynamic Updates: "Allow dynamic updates?" is set to "Only secure updates"
Maintaining and Troubleshooting
DNS Servers
• Reducing Network Traffic by Using
Caching-Only Servers
• Maintaining DNS Zones
• Monitoring DNS Servers
• Verifying Resource Records by Using
Nslookup
• Troubleshooting Name Resolution
Problems
Reducing Network Traffic by
Using Caching-Only Servers
Caching-Only Servers
– Perform name resolution on behalf of client computers
and cache the results
– Can be used to reduce DNS-related traffic across a WAN
[Diagram: clients in a remote office use a caching-only DNS server, which reaches the DNS server and clients at corporate headquarters over a slow WAN link]
Maintaining DNS Zones
[Screenshot: DNS console, ITCOMPUTER01, Forward Lookup Zones, Zone_A. Action menu: Update Server Data File, Reload, New Host…, New Alias…, New Mail Exchanger…, New Domain…, New Delegation…, Other New Records…]
[Screenshot: Resource Record Type dialog. "Select a resource record type:" Host, Host Information, IPv6 Host, ISDN, Mail Exchanger. Description: Host address (A) record. Maps a DNS domain name to a single 32-bit IP version 4 address. (RFC 1035)]
Monitoring DNS Servers
[Screenshot: LONDON Properties, Monitoring tab]
To verify the configuration of the server, you can perform manual or automatic testing.
Select a test type:
• A simple query against this DNS server
• A recursive query to other DNS servers
To perform the test immediately, click Test Now.
Perform automatic testing at the following interval: Test interval: 1 minutes
Test results: Date, Time, Simple Query, Recursive Q..
Verifying Resource Records by
Using Nslookup
Use Nslookup to Verify That the Information
Contained in Resource Records Is Correct
Command Prompt
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-1999 Microsoft Corp.

C:\>nslookup
Default Server:  london.nwtraders.msft
Address:  192.168.1.200

> bonn
Server:  london.nwtraders.msft
Address:  192.168.1.200

Name:    bonn.nwtraders.msft
Address:  192.168.1.1

> 192.168.1.2
Server:  london.nwtraders.msft
Address:  192.168.1.200

Name:    denver.nwtraders.msft
Address:  192.168.1.2

> exit
C:\>
Troubleshooting Name
Resolution Problems
Troubleshooting Name Resolution Problems Can Include:
• Troubleshooting Name Resolution on Client Computers
• Registering Client Computers
• Troubleshooting Zone Transfer Problems
Review
• Overview of the DNS Query Process
• Installing the DNS Server Service
• Configuring Name Resolution for
Client Computers
• Creating Zones
• Configuring Zones
• Configuring DNS for Internal Use
• Integrating DNS and DHCP
• Maintaining and Troubleshooting
DNS Servers
Examining Remote Access in
Windows 2000
• Establishing a Remote Access
Connection
• Data Transport Protocols
• Virtual Private Network Protocols
Establishing a Remote Access
Connection
[Diagram: a remote access client connects across the Internet to a remote access server using remote access protocols; the remote access server connects to the local area network using LAN protocols]
Data Transport Protocols
Remote Access Protocols (between remote access client and remote access server)
• PPP
• SLIP (client only)
• Microsoft RAS
• ARAP (server only)
LAN Protocols
• TCP/IP
• NWLink
• NetBEUI
• AppleTalk
Virtual Private Network
Protocols
PPTP
• Internetwork Must Be IP Based
• No Header Compression
• No Tunnel Authentication
• Built-in PPP Encryption
L2TP
• Internetwork Can Be IP, Frame Relay, X.25, or ATM Based
• Header Compression
• Tunnel Authentication
• Uses IPSec Encryption
[Diagram: client and server connected across the Internet by PPTP or L2TP]
Configuring Inbound Connections
• Configuring Inbound Dial-up
Connections
• Configuring Virtual Private Network
Ports
• Configuring Modem and Cable Ports
• Configuring User Dial-in Settings
Configuring Inbound Dial-up
Connections
[Screenshot: Routing and Remote Access console, SERVERX (local). Action menu: Configure and Enable Routing and Remote Access, Disable Routing and Remote Access, All Tasks, View, Delete, Refresh, Export List..., Properties, Help]
Configuring Virtual Private
Network Ports
[Screenshot: Routing and Remote Access console, SERVERX (local), Ports. Other nodes: Dial-In Clients (0), IP Routing, Remote Access Policies]
Name / Device / Status
PPTP Ports
– WAN Miniport (PPTP)(VPN3-4) / VPN / Inactive
– WAN Miniport (PPTP)(VPN3-3) / VPN / Inactive
– WAN Miniport (PPTP)(VPN3-2) / VPN / Inactive
– WAN Miniport (PPTP)(VPN3-1) / VPN / Inactive
– WAN Miniport (PPTP)(VPN3-0) / VPN / Inactive
L2TP Ports
– WAN Miniport (L2TP)(VPN2-4) / VPN / Inactive
– WAN Miniport (L2TP)(VPN2-3) / VPN / Inactive
– WAN Miniport (L2TP)(VPN2-2) / VPN / Inactive
– WAN Miniport (L2TP)(VPN2-1) / VPN / Inactive
– WAN Miniport (L2TP)(VPN2-0) / VPN / Inactive
Cable and Modem Ports
– Direct Parallel (LPT1) / PARALLEL / Inactive
– Modem (COM 3) / MODEM / Inactive
Configuring Modem and Cable Ports
[Screenshot: Ports Properties, RAS Device Configuration. "In the list below, select those devices which can be used by the Routing and Remote Access Services." Ports, grouped by type: WAN Miniport (PPTP), type PPTP, 5 ports; WAN Miniport (L2TP), type L2TP, 5 ports; Direct Parallel, type Parallel, 1 port. The Usage column (Ras, Ras, None) shows the function of each port.]
[Screenshot: Configure ports - WAN Miniport (PPTP)]
• You can enable this device to accept inbound remote access requests and to enable demand-dial routing connections: Remote access (inbound), Demand-dial routing (inbound/outbound)
• Phone number of this device (if applicable)
• Maximum ports: 5 (number of virtual ports). You can adjust the port limit for a device which supports dynamic ports (such as virtual circuits).
Configuring User Dial-in Settings
[Screenshot: User1 Properties, Dial-in tab]
Remote Access Permission (Dial-in or VPN)
• Allow access
• Deny access
• Control access through Remote Access Policy
Caller ID
• Verify Caller-ID:
Callback Options
• No Callback
• Set by Caller (Routing and Remote Access Service only)
• Always Callback to:
Assign Static IP Address
IP Routing
• Apply Static Routes: Define routes to enable for this Dial-in connection.
Configuring Outbound Connections
• Exploring Hardware Options
• Creating a Dial-up Connection
• Connecting to a Virtual Private
Network
• Connecting Directly Through a Cable
Exploring Hardware Options
Connection Methods
• PSTN
• Cable Modem
• ISDN
• X.25
• Direct Connection
Creating a Dial-up Connection
[Screenshot: Network Connection Wizard, Network Connection Type. "You can choose the type of network connection..."]
• Dial-up to private network: Connect using my phone line (modem or ISDN). [Diagram: client to remote access server]
• Dial-up to the Internet: Connect to the Internet using my phone line (modem or ISDN). [Diagram: client to ISP server and the Internet]
Connecting to a Virtual Private
Network
[Diagram: a VPN remote access client connects through a tunnel across the Internet to the Internet adapter of a Windows 2000 VPN server, whose intranet adapter connects to the corporate intranet]
Connecting Directly Through a
Cable
[Screenshot: Network Connection Wizard, Host or Guest. "To connect two computers, specify which one you are using." Choose the role you want for this computer:]
• Host: This computer has the information you want to access.
• Guest: This computer will be used to access information on the host computer.
[Screenshot: Network Connection Wizard, Select a Device. "This is the device that will be used to make the connection." Select a device: Communications Port (Com1), Communications Port (Com2), Direct Parallel (LPT1)]
Configuring Multilink Connections
[Diagram, Multilink: links A and B to the remote access server]
[Diagram, Multilink with BAP: links A, B and C to the remote access server; Connection Switches on Demand]
Configuring Authentication
Protocols
• Standard Authentication Protocols
• Extensible Authentication Protocols
Standard Authentication Protocols
Protocol (Security): Use when
• PAP (Low): The client and server cannot negotiate using more secure validation
• SPAP (Medium): Connecting a Shiva LANRover and Windows 2000–based client or a Shiva client and a Windows 2000–based remote access server
• CHAP (High): You have clients that are not running Microsoft operating systems
• MS-CHAP (High): You have clients running Windows NT version 4.0 and later or Microsoft Windows 95 and later
• MS-CHAP v2 (High): You have dial-up clients running Windows 2000, or VPN clients running Windows NT 4.0 or Windows 98
Extensible Authentication Protocols
• Allows the Client and Server to
Negotiate the Authentication Method
That They Will Use
• Supports Authentication by Using
– MD5-CHAP
– Transport Layer Security
– Additional third-party authentication
methods
• Ensures Support of Future
Authentication Methods Through an
API
Configuring Encryption Protocols
[Screenshot: Edit Dial-in Profile, Encryption tab. "NOTE: These encryption settings apply only to the Windows 2000 Routing and Remote Access Service. Select the level(s) of encryption that should be allowed by this profile."]
• No Encryption
• Basic: Members of this group dial-in profile can use IPSec 56-bit Data Encryption Standard (DES) or MPPE 40-bit data encryption
• Strong: Members of this group dial-in profile can use IPSec 56-bit DES or MPPE 56-bit data encryption
• Strongest: Members of this group dial-in profile can use IPSec Triple DES (3DES) or MPPE 128-bit data encryption
Configuring Routing and Remote
Access for DHCP Integration
• Assigning IP Addresses to Remote
Access Clients by Using DHCP
• Configuring Routing and Remote
Access to Use DHCP
Assigning IP Addresses to Remote
Access Clients by Using DHCP
• If DHCP Server is Available
Remote Access Server Obtains 10 IP Addresses at a Time
• If DHCP Server is Unavailable
Remote Access Server Uses Automatic Private IP
Addressing
Configuring Routing and Remote Access to Use DHCP
LONDON (local) Properties, IP tab (other tabs: General, Security, PPP, Event Logging)
• Enable IP routing
• Allow IP-based remote access and demand-dial connections
IP address assignment
This server can assign IP addresses by using:
– Dynamic Host Configuration Protocol (DHCP)
– Static address pool
Use the following adapter to obtain DHCP, DNS, and WINS addresses for dial-up clients.
Adapter: Corpnet
Performing Disk Management
Windows 2000 Disk Storage Types
• Basic Storage
– Primary partitions
– Extended partition with logical drives
• Dynamic Storage
– Simple volume
– Striped volume
– Spanned volume
– RAID-5 volume
– Mirrored volume
Using Disk Management
[Screenshot: Computer Management (Local)\Storage\Disk Management, showing Disk 0 (Basic, 3.02 GB, Online) with (C:) 1.37 GB NTFS, Healthy (System)]
• Select disk
– Menu commands shown: Refresh, Rescan Disks, Restore Basic Disk Configuration…, Upgrade to Dynamic Disk…, Properties, Help
• Select partition or volume
– Menu commands shown: Open, Explore, Mark Partition Active, Change Drive Letter and Path…, Format…, Delete Partition…, Properties, Help
Creating Dynamic Volumes
• Converting Storage Type
• Creating and Extending Simple
Volumes
• Creating and Extending Spanned
Volumes
• Creating Striped Volumes
Converting Storage Type
Basic to Dynamic:
• System and boot partitions become Simple volumes (system and boot volumes)
• Primary and extended partitions, logical drives become Simple volumes
• Volume set becomes Spanned volume
• Stripe set becomes Striped volume
• Mirror set becomes Mirrored volume
• Stripe set with parity becomes RAID-5 volume
Dynamic to Basic:
• No volume conversion
Creating & Extending Simple Volumes
Simple Volumes:
• Contain Space
on a Single Disk
• Can Use NTFS, FAT, or FAT32
• Can Be Mirrored
• Are Created with the Create Volume
Wizard
• Can Be Extended if Formatted as
NTFS
Creating and Extending Spanned Volumes
[Diagram: Disk 1 and Disk 2, each Dynamic, 4094 MB, Online; each holds New Volume (G), 100 MB NTFS, Healthy, plus 3994 MB Unallocated]
• Free space combined into one logical volume
• Data written to first disk until full, then to next disk in volume
Creating Striped Volumes
[Diagram: Disk 1 and Disk 2, each Dynamic, 4094 MB, Online; each holds New Volume (G), 100 MB NTFS, Healthy, plus 3994 MB Unallocated]
• Free space combined into one logical volume
• Data written across all disks in 64-KB units
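Added example (not part of the original slides): how one logical write lands on the disks of a spanned volume versus a striped volume, using the 100-MB-per-disk layout and 64-KB units from the two slides above. Function names are hypothetical; each segment is (disk index, offset inside that disk's part of the volume, length).

```python
STRIPE_UNIT = 64 * 1024   # striped volumes write in 64-KB units (from the slide)
MB = 1024 * 1024

def spanned_segments(offset, length, extent_sizes):
    """Spanned volume: extents are concatenated, first disk filled first."""
    total = sum(extent_sizes)
    if offset < 0 or length < 0 or offset + length > total:
        raise ValueError("write falls outside the volume")
    segments, base = [], 0
    for disk, size in enumerate(extent_sizes):
        lo, hi = max(offset, base), min(offset + length, base + size)
        if lo < hi:                       # this disk holds part of the write
            segments.append((disk, lo - base, hi - lo))
        base += size
    return segments

def striped_segments(offset, length, disk_count, extent_size, unit=STRIPE_UNIT):
    """Striped volume: consecutive 64-KB units rotate across all disks."""
    if offset < 0 or length < 0 or offset + length > disk_count * extent_size:
        raise ValueError("write falls outside the volume")
    segments, end = [], offset + length
    while offset < end:
        stripe_no, within = divmod(offset, unit)
        row, disk = divmod(stripe_no, disk_count)
        chunk = min(unit - within, end - offset)   # stop at the unit boundary
        segments.append((disk, row * unit + within, chunk))
        offset += chunk
    return segments

def disks_touched(segments):
    """Disks that must all be present for this write (or read) to succeed."""
    return sorted({disk for disk, _, _ in segments})

if __name__ == "__main__":
    # Constructed input: a 256-KB write at the start of a two-disk volume.
    print(disks_touched(spanned_segments(0, 256 * 1024, [100 * MB, 100 * MB])))
    print(disks_touched(striped_segments(0, 256 * 1024, 2, 100 * MB)))
```

Neither layout stores redundant data, so a file whose segments touch a missing disk is unreadable in both cases; on the striped volume that is every file larger than one 64-KB unit.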
Performing Common Disk Management Tasks
• Creating Partitions
• Adding Disks
• Managing Drive Letters and Paths
• Managing Mirror Sets on Basic Disks
• Managing Other Sets on Basic Disks
• Defragmenting Hard Disks
Creating Partitions
Create Partition Wizard
• Select Partition Type: You can specify what type of partition to create.
• Select Partition Size: How big do you want the partition to be?
• Assign Drive Letter or Path: You can assign a drive letter or drive path to a partition.
• Format Partition: You can customize the formatting of the partition. Specify whether you want to format this partition.
– Do not format this partition
– Format this partition with the following settings:
File system to use: NTFS
Allocation unit size: Default Allocation Size
Volume label: New Volume
Adding Disks
• Adding a New Disk
[Screenshot: Disk 0 (Basic, 1908 MB, Online) and CDRom 0 (No Media), with the menu commands Refresh, Rescan Disks, Restore Basic Disk Configuration…]
• Adding Disks from Other Computers
– Import Foreign Disk
• Failed: Incomplete Volume and Failed Redundancy Mean Disk is Missing from Volume
Managing Drive Letters and Paths
• Managing Drive Letters
– Add—to assign a new drive letter
– Remove—to remove an existing drive
letter
– Modify—to change an existing drive
letter
• Managing Drive Paths
[Screenshot: Disk 0 (Basic, 3.02 GB, Online) with (C:) 1.37 GB NTFS, Healthy (System) and New Volume, 51 MB NTFS, Healthy; folder tree under Local Disk (C:) showing Documents and Settings, Inetpub, Program Files, Project Data, Shared Files, WINNT]
Managing Mirror Sets on Basic Disks
Mirror set created in Windows NT 4.0 …. Upgraded to Windows 2000 …. Mirror set on basic disks in Windows 2000
• Repairing a Mirror Set
• Resynchronizing Mirror Sets
• Breaking Mirror Sets
• Deleting Mirror Sets
Managing Other Sets on Basic Disks
• Deleting Volume Sets and Stripe Sets
– Deleting a volume set or stripe set deletes all of the data that the set contains
– You can delete entire sets only
• Repairing and Deleting Stripe Sets with Parity
– Repairing a stripe set with parity requires an additional basic disk with sufficient free space
– Deleting a stripe set with parity deletes all data that the set contains
– You can delete entire stripe sets with parity only
Defragmenting Hard Disks
[Screenshot: Disk Defragmenter on (D:), FAT32, 2,857 MB, status Paused; Analysis display and Defragmentation display; buttons Analyze, Defragment, Resume, Stop; legend Fragmented files, Contiguous files, System files, Free space]
Summary of Network
• Centralize and Simplify Functions
– DHCP, DNS, RIS and other services
• Separate Portions of Network Logically
– Domains arranged not by physical location
• Protect Data
– Multiple Servers, Active Directory
– RAID
• Make accessible yet Secure
– Remote Access
– VPNs
Assignments - due before next week
• Project 1 (Handout)
• Based on your reading of the lesson and textbook in
Section 1.1, write a one-page document on what you
believe constitutes a platform.
• Small Group Assignment:
– Identify & research some significant policies and
procedures that system administrators use to set
up desktop workstations. List key points of
policies and URLs used for your research. (Hint:
Virtual Library!)
• Quiz at 11:45 pm
Next Week
• Chapters 18 and 14
• Network Topologies, Connectivity
• Centralization, Decentralization,
Outsourcing
• You will be creating a layout of a
network - all the components, where
they should be, what their role is
• 2 quizzes, as determined by syllabus
(both will be at end of class session)