Employee Names
Team Lead
Module Name / Windows Server Network Administration
Certification Test / Vendor
Objectives covered
Time allotted / 8 Days / Time Taken
Date Started / Date Completed
Portfolio Contents
Item / Lab completed / Lab report / IncompleteLab 6-1
Lab 6-2
Lab 6-3
Lab 6-4
Lab 6-5
Lab 6-6
Lab 6-7
Lab 6-8
Lab 6-9
Lab 6-10
Lab 6-11
Lab 6-12
Worth / Awarded / Incomplete
Windows Server 2003 Family
Completed solution to problem portfolio (Extra Credit)
: Customer Overview
: Identify Customer Needs
: Identify Possible Solutions
: Define terminology used (jargon, technical terms)
: Price Out Solutions
: Diagram of Solutions
Budget for Unit / 500
Expenditures / Remaining Budget
Tardies (5/day) / Labs / N/A
Absences (10/day) / Hardware Test Score Average / N/A
Off Task (50/student/day) / Objective Test Score Average (100)
Consultation Fees (50/consultation) / Project (400)
Seminar (100) / Total (500)
Missed deadline (100/day)
Total
Budget remaining
Network Administration Overview
Some of the tasks of a Network administrator
n Installing and maintaining the ______system
n Administering ______Directory
n Administering file & ______resources*
Administering Active Directory
n ______objects
n ______objects
n ______objects
n Managing Active Directory ______and object ______
n ______objects*
Active Directory
n Active Directory is a ______service.
n Information about ______and ______
n A service that lets you ______and ______those resources
n AD is built around the ______(DNS) and the ______(LDAP). These are used to locate and access any type of resource on the network and are supported by UNIX, Mac, Linux, Windows, etc.
n Active directory is installed only on authentication servers.
n Web servers, file servers, etc. do not need Active Directory, although they will use ______.
AD World
n A client wants to access a service or ______, it does so using the resource’s AD name.
n A DNS ______is sent to the DNS server using the AD name.
n The DNS server provides the ______address of the domain controller responsible for the name (i.e. I’m trying to use folders on DFS. DFS is on Nettech-04. I don’t need to know that as long as AD knows that.)
n Client receives the DC’s address and uses it to make an ______query. LDAP finds the address of the system.
n The DC response with the requested information.
n The client ______the information.
n The client uses the ______, standards, and ______IF they have permission to do so!*
Once AD is installed
n Add ______
n Add ______
n Add ______units
n Add ______accounts
n Join a domain from the computers in your network
n ______folders
n ______printers
n Control user ______
Exploring Active Directory Users and Computers
n Active Directory Users and Computers
n MMC application with the filename of ______
n Primary ______tool used to manage the following within an Active Directory domain
Exploring Active Directory Users and Computers
n Use it to control
n ______
n ______
n OUs
n ______information
n One of the tools used to create and manage Group Policy objects
Creating Organizational Units
n Organizational unit (OU)
n A ______container that contains other objects, such as
n Users
n Groups
n Computers
n Published resources
n Other OUs
n Can only consist of ______from its ______domain
Creating Organizational Units
n Main reasons to create an OU
n ______and ______a single domain into logical administrative units
n Allow some ______of ______over different departments
n Give different people in a company different
n ______Policies
n ______
n ______
Creating New User Accounts
n User account object
n Represents all the information that defines a ______user with ______permissions to the network
Creating New User Accounts
n Why have user accounts?
n Require ______of anyone connecting to network
n Control access to network resources such as shared ______or ______
n ______access to resources by ______actions performed by a user logged on with a specific account
Creating New User Accounts (Continued)
n Before creating your users, decide:
n A ______convention
n What will ______look like
n Tory_klementsen
n Klementsent
n Teechur
n Controlling ______ownership
n Can users ______it?
n How ______?
n Including additional required attributes
Creating New User Accounts (Continued)
n A number of initial account settings can be configured when creating a user account, such as
n Whether a user’s password ever ______
n If the account should initially be ______
n User can’t ______password
n Password never ______
n Once a user account is created, a number of additional tasks and attributes can be applied, such as:
n Copy
n Add to a ______
n ______Account
n ______Password
n ______(to another organizational unit)
n Open Home Page
n ______Mail
n Properties
n To view and modify user account attributes
n Right-click the user account, then
n Click ______
Creating New User Accounts (Continued)
n Properties dialog box of a user account
n Tabs allow you to
n Add specific information, or
n Enable specific ______for the user account
Properties of a user account object
n Create a new user, Chicken Little
n Give him an address
n On the account tab, set his account to expire on next Friday
n Set his homefolder to be \\nameofyourserver\home$\%username%
n Set his profile path to be \\nameofyourserver\home$\profiles\%username%
n Give him a phone number or three
n His Title is Head Chicken
n Department Homeland Security
n Company US of A
n Make YOU his manager (you do have an account, right?)
n Click Member Of and make him a member of the administrators group
Creating Computer Accounts
n ______account
n An Active ______object
n Can be created in three ______ways:
n During initial ______of client operating system you can have it automatically join the domain
n When you join the domain, you provide ______credentials and it creates the account
n ______in Active Directory before client installation
Moving Active Directory Objects
n Objects created within the Active Directory Users and Computers console can be moved between ______within the same domain
n Create an OU named Chickens
n Move Chicken Little into that OU
Creating Group Objects
n Windows Server 2003 groups
n It is considered a ______object
n Used to organize collection of ______, ______, ______, or other ______into a single security principal
n Simplifies ______
n Rights and resource permissions can be assigned to a ______rather than to individual users
n Groups and OUs
n Similarity
n Both are used to ______other objects into logical containers
n Differences
n ______and ______
n OUs are not ______principals and as such cannot be used to define permissions on ______or be assigned rights
n Active Directory security groups are security principals that can be assigned both ______and ______
n Objects that they can contain
n OUs can only contain objects from their ______domain
n Some ______can contain objects from ______domain within the forest
Group Types
n Windows Server 2003 allows two group types:
n Security group
n Defined by ______Identifier (SID)
n Can be listed in ______access control lists (______) used to define permissions on resources and objects
Group Types
n ______group
n Used solely for e-______distribution
n Does not have ______SID
n Cannot be listed in ______used to define permissions on resources and objects
Group Scopes
n Group scope
n The logical boundary within which a group can be assigned ______to a specific resource within the domain or forest
Group Scopes
n Security and distribution groups in Active Directory can be assigned one of three possible scopes
n ______
n ______local
______
Global
n A global group
n Can be assigned permissions to any resource in ______domain within the ______
n Can only contain ______of the ______domain in which it is created
n Mainly used to organize user objects into logical groupings according to function
Domain Local
n A domain local group
n Can only be assigned ______to a resource available in the ______domain in which it is created
n Group membership can come from ______domain within the forest
n Mainly used to assign access ______to a resource
Universal
n A universal group
n Can be assigned permissions to ______resource in ______domain within the forestDifferences between universal and global groups
n A universal group can consist of user objects from ______domain in the forest; global groups can only consist of user objects from the ______domain
n Universal groups are only available when a domain is configured in Windows 2000 ______mode or the Windows Server 2003 ______level
Creating Group Objects
n Steps to create group objects in Active Directory
n Decide in which ______the group should be created
n Choose an appropriate group ______, ______, and type
n To create universal groups
n A domain must be switched to ______mode
Modifying Group Memberships
n Membership can be added once a group object is created
n Depending upon which type of group is created, Windows Server 2003 groups can possibly contain
n ______
n ______
n ______
n ______
Changing a Group Scope
n A group can change its scope as long as group’s membership ______are not violated
n In other words, since a local group cannot contain local groups, if you have a global group with local groups in it, you have to remove the local groups before you turn it into a local group.
Changing a Group Scope
n Rules for changing group scopes
n You can only change a global group to a universal group as long as it is not a member of another ______group (because global groups can’t contain universal groups)
n You can only change a domain local group to a universal group as long as it does not contain any other ______groups as a member (because global groups cannot contain domain local groups)
Understanding the Built-in Local Groups
n Built-in local security groups
n Have various ______rights
n Can be used to allow users to perform certain ______tasks
n Ease the implementation of ______and ______rights throughout the network
n Found in ______container
n Built-in global groups
n Found in ______container
Managing Security Groups
n Acronym A G U DL P can be used to implement the use of security groups
– Create user A______, and organize them within G______groups
– Often users are grouped in global groups based on departments in the organization
Managing Security Groups
– Optional: Create U______groups and place global groups from any domain within the universal groups
Managing Security Groups (Continued)
n Create D______L______groups that represent the resources in which you want to control access and add the global or universal groups to the domain local groups
n Assign P______to the domain local groups
Domains, Trees, and Forests
n Domain
n Domains are a collection of computers ______together with at least one server authenticates users and controls access.
n In a domain all computers share the same ______:
n Chicken.com
n Server01.chicken.com
n Computer04.chicken.com
n www.chicken.com
n These are ______and can be used to access the computers (resolved through DNS)*
Domain
Domain Tree
n Collection of domains
n All ______share the same ______
n The root ______holds the main ______(pickle.com)
n The ______domains are “under” the ______domain
n Sweet.pickle.com
n Gherkin.pickle.com
n Dill.pickle.com
Forest
n A ______is also a collection of domains; however:
n Domains do not share the same ______
n Join ______to create a forest
n Specifically for sharing resources among ______domains
Forest
n Trusts
n In both ______and ______trusts are created
n One-way: one domain trusts ______, but not vice versa
n Fox.com trusts chicken.com. Chicken.com does not trust fox.com
n Transitive: ______domains trust each other
n Chicken.com trusts fox.com
n Fox.com trusts chicken.com
Administering Permissions in Active Directory
n Active Directory uses permissions to protect the creation, deletion, or viewing of objects within the database
Administering Permissions in Active Directory
n By default, administrators have ______to all objects within the domain
n Users are given the initial permission to read most ______of the objects stored in the database
Active Directory Object Permissions
n Active Directory objects can be assigned permissions at two levels:
n ______-level permissions
n Define which types of objects a user or group can view, create, delete, or modify within Active Directory
n Can be applied according to a ______set of ______permissions
Active Directory Object Permissions
n ______-level permissions
n Define which attributes of a certain object a user or group can ______or ______within Active Directory
Permission Inheritance
n By default, all ______objects inside a container object inherit permissions from ______objects
Permission Inheritance
n Permission inheritance and careful planning can eliminate the need to assign permissions to
n ______container object, or
n Every object ______a container
n The default inheritance of permissions can be modified by ______the inheritance at a container or object level
Delegating Authority Over Active Directory Objects
n Steps to delegate the administration of Active Directory
n Design OU structure so that the administration work can be ______
n ______the appropriate level of ______permissions for each administrator
Delegating Authority Over Active Directory Objects
n ______of ______Wizard
n Guides you through the process of determining the permissions that you want to delegate
n Configures permissions for the object and child objects
Delegating an administrative task in Active Directory
Windows 2003 Server Family
Go to the website and read through the articles on Windows 2003 Server Editions. When you have finished, complete the scenarios below by selecting the member of the family that will best fit the customers’ needs.
This page will give you an overview of each server type, but you may need to look up a little more information on some of them to truly understand when to use them.