Network Module Practical II
Hardware Components
- Computers: A minimum of two computers is required to establish a peer to peer
network.
- Installing a network adapter, also called a Network Interface Card (NIC).
Each computer that you want to be part of the network must have a standard network
adapter installed. A network adapter is installed on your computer's motherboard and is
used to access a network. When you install a network adapter, the operating system
creates a local area network (LAN) connection for you. It appears, like all other
connection types, in the Network and Dial-up Connections folder in Control Panel. Each
time you start your computer, Windows XP / 2000 detects your network adapter and
automatically starts the local area connection.
Steps to install NIC driver
1. First log on as Administrator.
2. Right click on My computer → Click Manage
3. Select “Device Manager” →Select Network adapter from content
pane→ Right-click → click Properties → Select Driver tab → click
Reinstall.
4. Insert the motherboard CD (if your NIC is integrated on the motherboard) or insert the
floppy disk (if your NIC is an add-in card of a different type: 3Com, SIS, Realtek) → follow
the procedure.
5. In Windows XP the OS detects the NIC itself, so there is no need to insert a CD or floppy disk.
- Cables: cables are used to physically connect the computers on the network.
Normal/straight-through cable: connects a computer to a hub.
Cross-over cable: connects a hub to a hub.
Depending on the size of your network, you may also need a network hub to provide
interconnection between PCs on the peer-to-peer network. Two PCs can connect using a
crossover cable, but if you have three or more computers in your network you need to buy
a hub or a multi-speed hub (called a switch).
- Shared resources and peripherals: such as printers, plotters, storage devices, etc.
Connecting the computers. You will need to decide which design layout, or
topology, will work best for your network. Some common topologies are bus,
star, and ring. The topology you choose will determine what type of cabling
and connectors you will need. For example, a standard network configuration
(star) uses UTP cables to connect each computer to a centralized component called a
hub. Hubs serve as distribution points for the entire network. One of the primary
advantages to using a hub is that a failure in a single cable or computer affects only the
computer using that cable; the rest of the network will keep functioning. Many different
types of hubs are available and the type you choose will depend on the network type
and cabling used. At a minimum, your hub must have enough ports to connect all of
your computers.
Installing a network protocol and service, which is the software that allows you to
connect to other computers on the network:
o Client: Client for Microsoft Networks - allows your computer to access
resources on a Microsoft network.
o Service: File and Printer Sharing for Microsoft Networks - allows other computers to
access resources on your computer using a Microsoft network.
Installing the correct network protocol. Each computer must be using a compatible
network protocol, such as NetBEUI, IPX/SPX, or TCP/IP.
o Protocol: Internet Protocol (TCP/IP) and NetBEUI - protocols that provide
communication between computers across the network.
Note:
A workgroup name must not be the same as the computer name.
A workgroup name can have as many as 15 characters, but it cannot contain any of
the following characters: : ; " < > * + = \ | ? '
A computer name cannot be more than 15 characters and it must be unique (you cannot
use a name already in use on the network).
If your computer was a member of a domain before you joined the workgroup, it will be
removed from the domain and its computer account will be disabled.
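As an added example (not part of the original manual), the following Python functions check a proposed workgroup name and computer name against the rules in the note above. The forbidden-character set is taken from the note as printed, the sample names are constructed, and the case-insensitive comparison is an assumption based on NetBIOS-style naming.

```python
"""Added example: check proposed workgroup and computer names against the rules in the note above."""

# Characters the note lists as not allowed in a workgroup name (copied from the note as printed).
FORBIDDEN_WORKGROUP_CHARS = set(':;"<>*+=\\|?\'')
MAX_NAME_LENGTH = 15  # the note gives 15 characters for both workgroup and computer names


def check_workgroup_name(workgroup, computer_name):
    """Return a list of rule violations for a proposed workgroup name (empty list = acceptable)."""
    problems = []
    if not workgroup:
        problems.append("workgroup name is empty")
    if len(workgroup) > MAX_NAME_LENGTH:
        problems.append("workgroup name is longer than 15 characters")
    bad = "".join(sorted(set(workgroup) & FORBIDDEN_WORKGROUP_CHARS))
    if bad:
        problems.append("workgroup name contains forbidden characters: " + bad)
    # Assumption: NetBIOS-style names are compared without regard to case.
    if workgroup.upper() == computer_name.upper():
        problems.append("workgroup name must not be the same as the computer name")
    return problems


def check_computer_name(computer_name, names_in_use):
    """Return a list of rule violations for a proposed computer name, given names already on the network."""
    problems = []
    if not computer_name:
        problems.append("computer name is empty")
    if len(computer_name) > MAX_NAME_LENGTH:
        problems.append("computer name is longer than 15 characters")
    if computer_name.upper() in {name.upper() for name in names_in_use}:
        problems.append("computer name is already in use on the network")
    return problems


if __name__ == "__main__":
    # Constructed sample input: one acceptable pair and two that break the rules.
    print(check_workgroup_name("WORKGROUP", "PC01"))
    print(check_workgroup_name("ACCOUNTS|FINANCE", "PC01"))
    print(check_computer_name("PC01", ["pc01", "PC02"]))
```

The checks return every violated rule rather than stopping at the first one, so a single run tells the person naming the machine everything that has to change.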
Advantages of Sharing
When you turn on file sharing, you can determine what resources are available in the network. All the
computers on the network can use the resources that you enable for sharing. For example, you can
enable the following resources for sharing:
• Folders
• Drives
• Printers
• Internet access
Resources that are not set up for sharing remain private.
Sharing Files
When a computer makes resources available to others, it takes on server functions. Any computer in a
peer-to-peer network workgroup can do so. You must configure file and printer
sharing for a computer to act as a server. You set up this functionality when you
installed the network card. Therefore, you can already share a file or files that you
want to use on other computers.
To share a file, follow these steps:
1. Locate a folder on the computer.
2. Right-click the file that you want to share, and then click Sharing and
Security to view additional settings.
3. The next two windows only appear when you are setting up your first
shared item. Windows notifies you that sharing data presents a certain
security risk. Therefore, remote access is turned off by default. Click the
Security warning message, click Just enable file sharing, and then
click OK.
4. Now you can share data. Click Share this folder on the network, and
then type a share name. You can use this name later to access the
data. The share name and the folder name do not have to be the same.
5. Specify whether the data that is accessed over the network can be
changed, and then click OK.
6. The icon for the shared folder appears with a picture of a hand.
You can use the same method to share whole drives, including the following drives:
• Hard disks or partitions
• CD ROM drives
• ZIP drives
To stop sharing, right-click the file that is shared, click Sharing and
Security, and then clear the Share this folder on the network check
box. When you do so, this resource no longer appears under this
computer name. However, the folder link directly in the network
environment remains. It is no longer available unless you set it up for
sharing again. When a user tries to access the folder, they receive a "No
access" message.
Note
If the Share this folder on the network check box is unavailable, this computer is not on a
network.
The sharing option is not available for the Documents and Settings, Program Files, and WINDOWS
system folders.
You cannot share a folder if you remove the File and Printer Sharing service and the QoS protocol.
1. Click Start, click Control Panel, and then click Network Connections.
4. Click OK.
If you entered a computer description when you assigned a computer name, you must
search for Share_name on Computer_description (Computer name).
If you work your way down to a specific computer in the network, you will see only
the shared resources on this one computer. Click View workgroup computers,
double-click the computer names (either as Computer_name or as
Computer_description [Computer name]), and then search for the name of the shared
file.
If you click Allow network users to change my files, you can view, copy, move,
change and delete files in this folder on any computer in this network. You can add
new files and access subfolders and files.
In Windows 2000
Double-click My Network Places → Entire Network → Workgroup name
(Class IT) → Computer Name → Shared folder.
With Internet Connection Sharing (ICS), you can connect computers on your home or
small office network to the Internet using just one connection. For example, you have one
computer that connects to the Internet by using a dial-up connection. When ICS is
enabled on this computer, called the ICS host, other computers on the network connect
to the Internet through this dial-up connection. In this section you will create an Internet
connection (dial-up connection) on one computer and share the Internet connection with the
other computers on the peer-to-peer network.
With Network Connections, connecting to the Internet is easy. For example, to create a
dial-up connection, you can use the following components to gain access to the Internet:
6. Select Connect using a dial-up modem and click Next.
Note:
o Dial-up connection: this type of connection uses a modem
with a standard phone line, and its speed is usually not more than
56 kilobits per second (Kbps).
o Broadband connection: this is a high-speed connection,
typically 256 kilobytes per second (KBps) or faster.
Broadband includes DSL and cable modem service.
Fiber-optic cable can be used as the transmission medium in a
broadband connection to carry multiple messages at a time.
7. Type ISP Name usually the name of your Internet Service Provider and Click
Next.
Note: You can type any name, but the name you type here
will be the name of the connection you are creating.
8. Type Phone Number to Dial usually ISP’s Phone Number (900) and Click
Next.
9. Type an ISP User Name and Password, select both check boxes, and click
Next.
10. Select the check box to add a shortcut to this connection to your desktop and
click Finish.
After you set up an Internet connection, make sure that File and Printer Sharing
and Client for Microsoft Networks are turned off in the dial-up connection (only
there), and make sure that the Internet Connection Firewall is turned on. A dial-up
connection to the Internet does not use these services, and the firewall provides
some protection against malicious (harmful) users and viruses.
1. Click Start, click Control Panel, and then click Network Connections.
2. Right-click the dial-up connection, and then click Properties.
3. Click the Networking tab, and then click Advanced to confirm the following settings:
• The Client for Microsoft Networks check box and the File and Printer
Sharing for Microsoft Networks check box are not selected.
• Click the Settings button, select the On option button on the General tab to turn on
the firewall (with exceptions), and set your exception programs and services on the
Exceptions tab.
4. Click OK.
Sharing Internet Access in a Peer-to-Peer Network
1.6 Sharing your printer
1. Open Printers and Faxes.
2. Right-click the printer you want to share, and then click Sharing.
3. The options you see on the Sharing tab differ depending on whether
sharing is enabled on your computer. For instructions on what to do next,
click the option that describes what you see on the Sharing tab.
1. On the Sharing tab, click Share this printer and then type a share
name for the shared printer.
2. If you share the printer with users on different hardware or different
operating systems, click Additional Drivers. Click the environment
and operating system for the other computers, and then click OK to
install the additional drivers.
3. Click OK, or, if you have installed additional drivers, click Close.
Notes
To open Printers and Faxes, click Start, point to Settings, click Control
Panel, and then double-click Printers and Faxes.
You can also share a printer in Printers and Faxes by clicking the printer you
want to share, and then clicking Share this printer under Tasks on the left
side of the window. This option is available only if folders are set to look like
a Web page and a printer is selected. For more information, click Related
Topics.
Printers are not shared by default when you install them on Windows XP
Home Edition, but you can choose to share any printer you install on your
computer.
When you publish a printer in Active Directory, other users logged onto the
Windows domain will be able to search for the printer based on its location
and features such as how many pages it prints per minute and whether color
printing is supported.
\\printserver_name\share_name
Using a printer’s URL allows you to connect to a printer across the Internet,
provided you have permission to use that printer. If you cannot connect to
the printer using the general URL format below, please see your printer's
documentation or contact your network administrator.
http://printserver_name/Printers/share_name/.printer
5. Follow the instructions on the screen to finish connecting to the network
printer.
Notes
To open Printers and Faxes, click Start, point to Settings, click Control
Panel, and then double-click Printers and Faxes.
You can also connect to a printer by dragging the printer from the Printers
folder on the print server and dropping it into your Printers folder, or by
right-clicking the icon and then clicking Connect.
Another way to add a printer is to double-click Add Printer. This option is
available only if folders are set to the Windows XP classic folder look, and if
a printer is not currently selected.
After you have connected to a shared printer on the network, you can use it
as if it were attached to your computer.
Chapter Two
SERVER-BASED NETWORK
2.1 Conceptualizing Server-Based Networks
Server
A computer whose role in a network is to provide services and resources to users. In a large network
environment, servers may have one or more specific roles in a network, depending on the number of
users, volume of traffic, number of peripherals, and so on. Computers that function as servers within a
domain can have one of two roles, Domain Controller or Member Server.
Domain Controller: the authentication (security) server that validates users for logging
on and accessing network resources.
Member server: a computer that is running Windows 2000 Server or Advanced Server and provides
specific functions, such as:
Application servers are used as the back end in a client/server environment. An example of an
application server is Microsoft Exchange Server, which functions as the back end of a
client/server messaging system that includes Microsoft Outlook as the front-end user interface.
File and print servers provide users with centralized locations for storing files and accessing
print devices. Microsoft Windows 2000 member servers and Windows 2000 servers running
Internet Information Services (IIS) are examples of file servers.
Web servers can be used to host anything from static Hypertext Markup Language (HTML)
pages to commercial Web applications such as online storefronts. IIS is an ideal platform for
developing Web-based applications using Active Server Pages (ASP) technology.
Server-based network
A network in which network security and storage are managed centrally by one or more servers.
How It Works
In a server-based network, special computers called servers handle network tasks such as
authenticating users, storing files, managing printers, and running applications such as database
and e-mail programs. Security is generally centralized in a security provider, which allows users
to have one user account for logging on to any computer in the network. Because files are stored
centrally, they can be easily secured and backed up.
Server-based networks are more costly and complex to set up and administer than peer-to-peer
networks, and they often require the services of a full-time network administrator. They are ideal
for businesses that are concerned about security and file integrity and have more than 10
computers.
Microsoft Windows NT and Windows 2000 are ideal operating systems for server-based
networks. They offer centralized network administration, networking that is easy to set up and
configure, NTFS file system security, file and print sharing, user profiles that allow multiple
users to share one computer or allow one user to log on to many computers, Routing and Remote
Access for supporting mobile users, and Internet Information Services (IIS) for establishing an
intranet or Internet presence.
Setting up a server-based network requires more resources than a peer-to-peer network,
such as:
- 133-MHz Pentium or higher Central Processing Unit (CPU). A maximum of eight CPUs per
computer are supported.
- 256 MB of RAM recommended minimum (128 MB minimum supported; 8 GB maximum).
- For computers with more than 4 GB of RAM, be sure to check the Hardware Compatibility List
(HCL).
- A hard disk partition with enough free space to accommodate the setup process. The maximum
amount of space required will be approximately 1 GB; more space might be needed, depending on the
following:
The components being installed: the more components, the more space needed.
The file system used: FAT requires 100 – 200 MB more free disk space than other file
systems.
The method used for installation: if installing from across a network, allow 100 – 200 MB
more space than if installing from the CD-ROM (more driver files need to be available during
installation across the network).
In addition, an upgrade could require much more space than a new installation.
7. Upgrading to the Windows 2000 NTFS File System. The NTFS File System gives you increased
file security, more reliability, and more efficient use of disk space. You should not upgrade your
drive if you plan to install or use other operating systems on this computer such as MS-DOS,
Windows 95, or Windows 98. Select No, do not upgrade my drive.
8. The installation files will be copied to hard disk
9. BE CAREFUL: it is better to have the operating systems in different partitions. If that is not possible,
make sure that you change the installation folder. Select the C: drive and the \WINNTS folder for
Windows 2000 Advanced Server.
10. The system asks you to reboot.
11. Once all the files have been copied a Setup Wizard starts.
12. You can change Regional Settings like system or user locale settings (location, numbers,
currency, time date, etc.) or keyboard layout.
13. Personalize your software. Type a full name and the name of your company or organization.
Name: Mary Help Of Christians Organization: Salesians Sisters.
14. Licensing Modes. You can use a licensing mode per number of concurrent connections or per
seat. Select per server and choose 10 concurrent connections.
15. Computer Name and Administrator Password. Computer name: SERVERnn (nn is the
number of your seat). Administrator Password: leave it blank.
16. Windows 2000 components. You can add or remove components of Windows 2000. Select
Internet Information Server. Click Details. Select FTP server
17. Date and Time Settings. Date and Time. Time Zone. You can also adjust automatically the
clock for daylight saving changes.
18. Networking settings. Windows installs networking components. Choose whether to use typical
or custom settings. Typical settings option creates network connections using the Client for
Microsoft Networks, File and Print Sharing, and the TCP/IP transport protocol with automatic
addressing. Custom settings option allows you to manually configure networking components.
Choose Typical settings.
19. Workgroup or Computer Domain. You can set the computer to not be on a network, or
make it a member of a workgroup or an existing domain. Select the first option (No, this computer is
not on a network.)
20. Installing Components
21. Performing Final Tasks. Installs Start menu items, Registers components, Saves settings and
Removes any temporary files used.
22. Now the computer has a dual-boot menu so you can run your computer using Windows 2000
Professional or Windows 2000 Advanced Server.
23. When you start Windows 2000 Advanced Server, the Windows 2000 Configure Your Server
window appears. This window allows you to configure your server.
24. If you want the computer to be a Domain Controller (only one per network) you have to install
the Active Directory.
2.3 Configuring Active Directory
Active Directory (AD) Architectural Overview
Active Directory is the directory service for the Microsoft Windows 2000 network operating system.
Active Directory consists of both a database and a service. Active Directory is a database of
information about resources on the network, such as computers, users, shared folders, and printers. It
is also a service that makes this information available to users and applications. Active Directory
provides the basic features needed for an enterprise-level directory service, including an extensible
information source, naming conventions for directory objects, a common set of policies, and tools
for administering the service from a single point of access. Administrators can configure Active
Directory to control access to network resources by users and applications.
How It Works
The basic element of Active Directory is the object. An object can represent a user, computer, printer,
application, file, or another resource on the network. Active Directory objects possess attributes,
which are their properties. For example, some user attributes might include first name, last name, e-mail
address, and phone number. Some attributes must have mandatory values, while others can be left
undefined. Attributes of a printer might include the location of the printer, the asset number of the
printer for accounting purposes, the type of printer, and so on.
A special type of Active Directory object is the organizational unit (OU). An OU is a type of object
that can contain other objects. An OU can either contain a specific object, such as a user or an
application, or it can contain another OU. Using OUs, you can organize Active Directory into a
hierarchical directory of network information.
You can assign users permissions on subtrees of OUs for management and resource access purposes.
Organizational units are contained within domains, which are the basic security and organizational
structure for Active Directory. Every object in Active Directory must belong to a domain. Domains
usually mirror the organizational structure of your enterprise and act as a security boundary in your
enterprise. For example, privileges granted in one domain are not automatically carried over to another
domain. Domains can be joined into larger structures called domain trees using two-way transitive
trusts, and these tree structures can be grouped into domain forests for larger enterprises.
Active Directory has a set of rules governing which objects can be stored in the directory and which
attributes these objects can possess. This set of rules is known as the schema.
Information in Active Directory is maintained for each domain on the network. Active Directory
database information is stored and maintained on machines called domain controllers. This information
is replicated automatically between domain controllers to ensure that every portion of the distributed
directory is up-to-date. By default, the replication of updates to Active Directory occurs automatically
every five minutes. Automatic replication of Active Directory information occurs only within the
security boundary of a specific domain. Domain controllers in one domain do not automatically
replicate with those in another domain.
Active Directory provides network administrators with centralized administration of all information
about resources on the network, and it provides both users and administrators with advanced search
capabilities for locating resources on the network.
Before we configure Active Directory, let's start with the following core components of the Active
Directory service in detail:
- Forests
- Domains
- Domain Controllers
- Organizational units
- Sites
With so many parts to the Active Directory puzzle, it is important to understand their interrelationships.
Let's begin with forests and domains.
Forest
An Active Directory forest defines a collection of one or more domains that share a common schema,
configuration, and global catalog. All domains also share two-way transitive trust relationships.
Before going any further, let's pause for a moment and look at the key terms:
Schema— The Active Directory schema is common to all domains in a forest. The schema is the
configuration information that governs the structure and content of the directory.
Configuration— Configuration defines the logical structure of a forest, such as the number and
configuration of sites in the forest.
Global catalog— Think of the global catalog as the yellow pages for a forest. It contains
information about all objects in the forest and, in particular, where to find them. Global catalogs
also contain membership information for universal groups.
Trusts— Trusts provide a way to allow different domains to work together. Without trusts,
domains operate as completely separate entities, meaning that users in domain A would not have
access to resources in domain B. If a trust relationship is established between the domains so that
domain B trusts domain A, then domain A's users can access domain B's resources, provided that
they have the proper permissions.
There are three general types of trusts:
o Transitive— Transitive trusts are automatically created trusts between all domains in the
same forest. They allow users in any domain to potentially have access to resources in
any other domain in the forest, provided that the users have the appropriate permissions.
o Shortcut— Shortcut trusts are trust relationships between domains in the same forest that
already have transitive trust relationships established. Shortcut trusts provide faster
authentication and validation of resource access between nonadjacent domains in the
same forest.
o External— External trusts allow domains in different forests to share resources. These
trusts are not transitive, meaning that they only apply to the domains for which they were
explicitly created.
How It Works
Forests provide a way of administering enterprise networks for a company whose subsidiaries each
manage their own network users and resources. In Microsoft Windows 2000, a forest is a logical
structure formed by combining two or more domain trees. Let's look at a sample forest. A company
called CarPoint might have a domain tree with the root domain carpoint.com, while a subsidiary
company called Expedia might have a domain tree with the root domain expedia.com. Note that these
two companies do not share a contiguous portion of the DNS namespace; this is typical of trees in a
forest. The two companies might want to administer their own users and resources but make those
resources available to each other's users. They can combine the two domain trees into a forest by
establishing a two-way transitive trust between the root domains of the two trees.
All trees in a forest must share a common directory schema and global catalog. The global catalog
holds information about all objects in all domains of the forest and acts as an index of all users and
resources for all domains in the forest. By searching the global catalog, a user in one domain can locate
resources anywhere in the forest. The global catalog contains only a subset of the attributes of each
object. This ensures fast searches for users trying to locate network resources.
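The trust types listed above (transitive, shortcut and external) and the CarPoint/Expedia forest just described can be modelled as a small graph. The following added Python example (not from the original manual) computes which domains a user can be authenticated to from a given domain, showing that transitive trusts chain across the forest, that a shortcut trust reduces the number of hops between non-adjacent domains, and that an external trust is honoured only as a single direct hop. The child domains sales.carpoint.com and eu.expedia.com, the partner.example forest, and the shortcut and external trusts are constructed for the example.

```python
"""Added example: which domains can a user reach through transitive, shortcut and external trusts?"""
from collections import deque

# Each entry is (trusting_domain, trusted_domain, kind, two_way). Users of the trusted domain
# can access resources in the trusting domain. kind is "transitive", "shortcut" or "external".
# Constructed sample: the carpoint.com / expedia.com forest from the text, with hypothetical
# child domains, a shortcut trust, and a one-way external trust from a separate forest.
SAMPLE_TRUSTS = [
    ("carpoint.com", "expedia.com", "transitive", True),         # trust between the tree roots
    ("carpoint.com", "sales.carpoint.com", "transitive", True),  # parent/child trust
    ("expedia.com", "eu.expedia.com", "transitive", True),       # parent/child trust
    ("eu.expedia.com", "sales.carpoint.com", "shortcut", True),  # shortcut between non-adjacent domains
    ("partner.example", "carpoint.com", "external", False),     # partner forest trusts carpoint.com only
]


def directed_edges(trusts):
    """Expand the trust list into directed edges (trusted -> trusting); a two-way trust gives two edges."""
    edges = []
    for trusting, trusted, kind, two_way in trusts:
        edges.append((trusted, trusting, kind))
        if two_way:
            edges.append((trusting, trusted, kind))
    return edges


def reachable_domains(user_domain, trusts):
    """Return {domain: path} for every domain a user from user_domain can be authenticated to.

    Transitive and shortcut trusts chain, so a breadth-first search finds the shortest chain.
    An external trust is not transitive: it is honoured only as a direct hop from the user's
    own domain, and nothing further is reached through the domain on its far side.
    """
    edges = directed_edges(trusts)
    paths = {user_domain: [user_domain]}
    queue = deque([user_domain])
    while queue:
        current = queue.popleft()
        for source, target, kind in edges:
            if source != current or target in paths:
                continue
            if kind == "external":
                if current != user_domain:
                    continue  # users from a transitively trusted domain cannot use this trust
                paths[target] = paths[current] + [target]
                continue      # the far side is a dead end, no further chaining
            paths[target] = paths[current] + [target]
            queue.append(target)
    del paths[user_domain]
    return paths


def hop_count(user_domain, resource_domain, trusts):
    """Trust hops a logon from user_domain to resource_domain crosses, or None if unreachable."""
    path = reachable_domains(user_domain, trusts).get(resource_domain)
    return None if path is None else len(path) - 1


if __name__ == "__main__":
    for domain in ("sales.carpoint.com", "carpoint.com", "partner.example"):
        print(domain, "->", reachable_domains(domain, SAMPLE_TRUSTS))
```

Running the block prints, for each starting domain, the domains its users can reach and the chain of domains a logon passes through; comparing sales.carpoint.com to eu.expedia.com with and without the shortcut entry shows the hop reduction the text describes, and the one-way external trust lets carpoint.com users into partner.example without granting anything in the other direction.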
Domain
A Domain is a logical grouping of users, computers, and resources that makes up a security and
administrative boundary. It is not a physical entity and doesn’t identify the actual network topology or
physical location of the network, but it provides a way to secure and organize objects. For example,
Microsoft.com and Amazon.com are domains. Computers in each domain share the common
configuration of that domain and may be subject to policies and restrictions set forth by the domain
administrators. The use of domains allows you to streamline security throughout your enterprise.
Domain Controllers
A domain controller manages information in the Active Directory database and enables users to log on
to the domain, be authenticated for accessing resources in the domain, and search the directory for
information about users and network resources. A Windows 2000 domain controller contains a writable
copy of the domain directory database.
Domain controllers are the servers that host the Active Directory. Every domain controller has its own
writable copy of the Active Directory database. Domain controllers act as the central security
component of a domain. All security and account validation is performed by a domain controller. Every
domain must have at least one domain controller. Run the Active Directory Installation Wizard to
promote any Windows 2000 member server to the role of a domain controller.
Organizational unit (OU)
Organizational units (OUs) are logical containers that are commonly used to define departments or
locations.
How It Works
An organizational unit (OU) can contain other OUs, or it can contain specific objects, such as those
listed here:
- Users
- Groups
- Computers
- File shares
- Printers
- Security policies
- Applications
OUs make possible the hierarchical structure of Active Directory. Objects in the directory are grouped
in tree-like structures for easier administration. OUs are displayed in Windows 2000 administrative
consoles as folders, much like the folders in a file system that store individual files. OUs are logical
groupings of users and resources in a domain; they simplify management of the domain by delegating
administrative tasks to specific people.
OUs are often used to duplicate the organizational structure of the company within Active Directory.
For example, a company might have OUs named Dev, Marketing, and Sales that represent the network
resources of these three departments. OUs can also be assigned according to geographical criteria
(New York, Los Angeles, and Detroit, for example) or by administrative function (Accounts, Shares,
and Printers). When you run the Active Directory Installation Wizard to install Active Directory on a
server running Windows 2000 (thus turning the server into a domain controller), a default
hierarchy of OUs is created. This default hierarchy helps you begin administering Active Directory. It
consists of the following OUs, which you can display by using Active Directory Users and Computers, a
snap-in for Microsoft Management Console (MMC):
- Builtin: Includes built-in security groups such as Administrators and Account Operators
- Computers: Includes other computers in the domain
- Users: Includes domain user objects
- Domain Controllers: Includes the domain controllers in the domain
Graphic O-5. Organizational unit (OU).
The hierarchical structure of OUs in Active Directory also simplifies the task of querying Active
Directory for information about network resources. OUs are useful in facilitating administration of
Active Directory and therefore in the administration of resources on the network itself. Administrators
use OUs to organize users and resources on the network, and to delegate administrative and other
rights and permissions to users and groups. The administrator has full access rights on all objects in
the directory and can assign permissions to various subtrees of OUs for appropriate users and groups.
For any OU, the administrator can delegate either of the following rights to specific users and groups:
Access to objects in Active Directory is based on discretionary access control lists (DACLs), which
offer a security model similar to that used in the NTFS file system. Because objects with similar
security requirements are grouped into an OU, permissions assigned to the OU are inherited by all
objects in the OU. You assign permissions to OUs and other objects by using Active Directory Users
and Computers.
NOTE
If several domains are connected into a domain tree, each domain can have its own specifically designed
hierarchy of OUs. The structures of domains within a domain tree are independent of one another.
However, an OU can contain objects only from its own domain, not from any other domain within a
domain tree.
OUs are not part of the namespace of a company, which in Windows 2000 is based on the Domain
Name System (DNS). In other words, you can identify a Windows 2000 domain by using a DNS name
such as northwind.microsoft.com, but you cannot identify OUs within the domain by using DNS names.
However, you can specify OUs by using Lightweight Directory Access Protocol (LDAP) names.
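The following added Python example (not from the original manual) ties together two points made above: it builds LDAP distinguished names for OUs beneath a DNS-named domain, using northwind.microsoft.com from the text, and it evaluates a right against DACL entries that are inherited down an OU tree, as described under the DACL paragraph. The OU names, group names and access control entries are constructed; the evaluation order (explicit deny, explicit allow, inherited deny, inherited allow) is the standard Windows DACL ordering and is not something the manual spells out.

```python
"""Added example: LDAP names for OUs and DACL inheritance down an OU tree (constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    """One access control entry on a container's DACL."""
    trustee: str          # user or group the entry applies to
    right: str            # the permission, e.g. "reset-password"
    allow: bool           # True = allow, False = deny
    inherit: bool = True  # False = applies to this container only, not to its children


def dn(domain, ou_path, rdn=None):
    """Build an LDAP distinguished name: most specific component first, DC parts from the DNS name."""
    parts = [rdn] if rdn else []
    parts += [f"OU={ou}" for ou in reversed(ou_path)]
    parts += [f"DC={label}" for label in domain.split(".")]
    return ",".join(parts)


def ancestors(ou_path):
    """Paths of every container above the given OU, the domain root (an empty tuple) first."""
    return [tuple(ou_path[:i]) for i in range(len(ou_path))]


def is_allowed(acls, ou_path, trustees, right):
    """Evaluate a right for a principal that holds the names in `trustees` (itself plus its groups).

    acls maps an OU path tuple to its list of Ace objects; () is the domain root. The order
    follows the Windows DACL evaluation rules: explicit deny, explicit allow, inherited deny,
    inherited allow. With no matching entry, access is denied.
    """
    def matching(path, inherited_only):
        return [a for a in acls.get(tuple(path), [])
                if a.right == right and a.trustee in trustees and (a.inherit or not inherited_only)]

    explicit = matching(ou_path, inherited_only=False)
    inherited = [a for anc in ancestors(ou_path) for a in matching(anc, inherited_only=True)]
    for entries in (explicit, inherited):
        if any(not a.allow for a in entries):
            return False
        if any(a.allow for a in entries):
            return True
    return False


# Constructed sample: the domain name is from the text; OUs, groups and ACEs are made up.
DOMAIN = "northwind.microsoft.com"
SAMPLE_ACLS = {
    (): [Ace("Domain Admins", "reset-password", allow=True)],
    ("Sales",): [Ace("Sales Helpdesk", "reset-password", allow=True)],
    # Contractors sit under Sales but the helpdesk is explicitly denied there.
    ("Sales", "Contractors"): [Ace("Sales Helpdesk", "reset-password", allow=False, inherit=False)],
}


if __name__ == "__main__":
    print(dn(DOMAIN, ["Sales", "Contractors"]))
    print(dn(DOMAIN, ["Sales"], "CN=Jane Doe"))
    for ou in (["Sales"], ["Sales", "East"], ["Sales", "Contractors"]):
        print(ou, is_allowed(SAMPLE_ACLS, ou, {"Sales Helpdesk"}, "reset-password"))
```

The helpdesk group is granted the right once, on the Sales OU, and the example shows it flowing to the East sub-OU through inheritance while the explicit deny on Contractors wins over that inherited allow; Domain Admins, granted at the domain root, reach every OU because nothing below denies them.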
You cannot create new OUs within the four default OUs previously listed. These default OUs simply get
you started in administering your network.
TIP
To create new OUs in Active Directory, select the desired parent container in Active Directory Users
and Computers, and choose Organizational Unit from the New submenu of the Action menu. You can
also use the console toolbar. The only information you need to specify when you create a new OU is its
name.
When you create an OU, you should consider who will own and manage it and who will be responsible
for the following tasks:
Managing permissions on the OU and its objects, and delegating the permissions to others
You can create OUs for groups of users who will be assigned similar permissions to network resources.
You can also create separate OUs for permanent and temporary employees. You can group shared
folders and printers with similar security requirements into OUs.
You should create OUs that are stable and will not change frequently, and you should avoid making the
hierarchy of OUs too complicated. In a multidomain scenario with a domain tree, it is usually a good
idea to make first-level OUs the same for all domains to provide consistency for the company’s network
resources. First-level OUs typically represent the following:
Different business units, such as Sales, Support, and Management. Keep it flexible and broad
enough so that if your company reorganizes, you won’t have to re-create everything.
Keep the entire structure of OUs fairly shallow, typically two or three levels, to ensure good
performance when users query Active Directory; Microsoft's guidance is never to exceed ten levels.
You can use OUs in place of resource domains, which are used in Windows NT to simplify and
centralize administration of network resources. You can also create domain trees with separate domains
for resources. You should create new domains instead of OUs if you want to implement different
security policies in different locations or branches of your company or in an extremely large enterprise
(account policies such as password length and lockout apply per domain, so they are the usual reason).
Otherwise, it is simpler to create only one domain and organize resources and administrative tasks using
OUs within that domain.
A site is a set of well-connected IP subnets: computers within a site are joined by high-speed
networking connections, while sites are typically defined by geographical location and are connected
to each other by slower wide area network (WAN) links. Sites exist to optimize the work of domain
controllers, and at least one domain controller should normally be located in each site so that logons
and directory lookups are served locally.
How It Works
You define sites to manage and reduce Active Directory logon and directory replication traffic on the
network. For example, when a user tries to log on to a Microsoft Windows 2000–based network,
authentication is automatically attempted first by domain controllers in the site where the user is located.
To optimize logon and replication traffic, sites should be groupings of servers connected by local area
network (LAN) or high-speed permanent WAN links. You can create sites to control which domain
controllers a group of workstations will use for network logons.
Sites contain two types of Active Directory objects: servers and connections. These objects are used to
configure Active Directory replication. You can schedule replication traffic between sites to occur at
off-hours to reduce network congestion. Replication traffic within a site (intrasite replication) uses
remote procedure calls (RPCs) over dynamically assigned port numbers. Replication between sites
(intersite replication) can use either RPC over IP or Simple Mail Transfer Protocol (SMTP) messages;
SMTP cannot carry the domain partition, so it is only an option between sites that hold different
domains. The RPC transport needs the endpoint mapper (TCP 135) and the dynamic RPC ports open
on any firewall between the sites.
The topology of each site is stored in Active Directory. A site can contain domain controllers from
several domains, and domain controllers from a particular domain might be located in several different
sites. You can create sites by using Active Directory Sites and Services, a snap-in for Microsoft
Management Console (MMC). A default site is created the first time the Active Directory Installation
Wizard is run to create the first (root) domain controller of your enterprise.
3. Create a site link (or use an existing one) that represents a connection between your new site and
existing sites. Configure the transport, member sites, cost, and schedule attributes of the site link as
desired.
4. If desired, create a site link bridge to reduce the number of site links that you need to create for
your new site.
5. Let the Knowledge Consistency Checker (KCC) generate the connection objects between domain
controllers in your new site and in linked sites, or create them manually across each site link if you
need to override the KCC.
6. Place domain controllers and global catalog servers in your new site as desired.
NOTE
Sites are not part of the Domain Name System (DNS) namespace for an Active Directory
implementation.
TIP
Try to limit the number of sites you use in your enterprise. Geographically separate locations of your
company that do not need domain controllers should be part of larger sites instead of separate sites.
There is no real advantage to defining multiple sites at a single physical location, and there are
disadvantages to doing so. For example, if all domain controllers in one site become temporarily
unavailable, workstations in that site will try to be authenticated from any other domain controller in the
domain, even if the domain controller is in a remote site. Once a workstation finds a domain controller
that responds to it, it will continue using that domain controller for all subsequent logons. This can cause
unwanted WAN traffic because Windows 2000 does not keep track of which sites are “near” a given site
in regard to network connectivity and speed.
Planning a site topology for your enterprise generally involves balancing logon traffic against
replication traffic. Be sure to take into account the available bandwidth of the physical network links
between locations when you plan sites.
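The site behaviour described above (a client first tries the domain controllers of the site its subnet belongs to, and replication follows the cheapest path over site links, transitively when site links are bridged, which is the Windows 2000 default) can be checked with a small model. The Python below is an added example written for this text, not a Microsoft tool: the three sites, their subnets, domain controllers and link costs are constructed, and the KCC is reduced to a shortest-path computation over the site link costs.

```python
"""Sites, subnets and site links, modelled in plain Python.

Added example for this course text, not a Microsoft tool. The sites,
subnets, domain controllers and link costs below are constructed.
"""
from __future__ import annotations
import heapq
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SiteLink:
    name: str
    sites: frozenset[str]   # a site link may join two or more sites
    cost: int               # lower cost = preferred replication path


# Constructed topology: three sites; Lyon has no domain controller of its own.
SITE_LINKS = [
    SiteLink("HQ-Paris", frozenset({"HQ", "Paris"}), cost=100),
    SiteLink("Paris-Lyon", frozenset({"Paris", "Lyon"}), cost=50),
    SiteLink("HQ-Lyon-backup", frozenset({"HQ", "Lyon"}), cost=400),
]
SUBNETS = {                 # subnet -> site (a site owns one or more subnets)
    "10.1.0.0/16": "HQ",
    "10.2.0.0/16": "Paris",
    "10.2.5.0/24": "Lyon",  # more specific than 10.2.0.0/16: longest match wins
}
DOMAIN_CONTROLLERS = {"DC1": "HQ", "DC2": "HQ", "DC3": "Paris"}


def site_for(ip: str) -> str | None:
    """Map a client address to its site by longest-prefix subnet match."""
    addr = ipaddress.ip_address(ip)
    best: tuple[ipaddress.IPv4Network, str] | None = None
    for cidr, site in SUBNETS.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def logon_candidates(client_ip: str) -> list[str]:
    """DCs a client tries first: those in its own site. If the site has no DC,
    every DC in the domain is a candidate; Windows 2000 does not rank remote
    sites by proximity, so the one that answers may sit behind a slow link."""
    site = site_for(client_ip)
    local = sorted(dc for dc, s in DOMAIN_CONTROLLERS.items() if s == site)
    return local or sorted(DOMAIN_CONTROLLERS)


def replication_cost(src: str, dst: str, bridge_all_links: bool = True) -> int | None:
    """Cheapest total site-link cost from src to dst (Dijkstra over the site
    links). With bridging off there are no transitive routes: only a site link
    that contains both sites counts. None means no route."""
    adj: dict[str, list[tuple[str, int]]] = {}
    for link in SITE_LINKS:
        for a in link.sites:
            for b in link.sites:
                if a != b:
                    adj.setdefault(a, []).append((b, link.cost))
    if not bridge_all_links:
        return min((c for n, c in adj.get(src, []) if n == dst), default=None)
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node == dst:
            return d
        if d > dist[node]:
            continue
        for nxt, c in adj.get(node, []):
            if d + c < dist.get(nxt, float("inf")):
                dist[nxt] = d + c
                heapq.heappush(heap, (d + c, nxt))
    return None


if __name__ == "__main__":
    for ip in ("10.1.3.4", "10.2.1.1", "10.2.5.7"):
        print(ip, "->", site_for(ip), "tries", logon_candidates(ip))
    print("HQ->Lyon, bridged:", replication_cost("HQ", "Lyon"))
    print("HQ->Lyon, direct links only:", replication_cost("HQ", "Lyon", False))
```

The Lyon client illustrates the tip above: because Lyon has no domain controller, it may end up authenticating against any DC in the domain, and HQ to Lyon replication runs over Paris at cost 150 rather than over the 400-cost backup link, as long as site links are bridged.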
Steps to Install and Configure Active Directory in Windows 2000 Server
At the first logon, you will be presented with "Windows 2000 Configure Your Server":
You can continue the configuration at this time, but you can also close this window and configure
other items on the system or install other software, because this window will be shown at each new
logon until you have completed the configuration and selected that it should NOT be displayed
anymore.
You can display this window at any time by selecting "Configure Your Server", which is part of the
"Administrative Tools" menu.
In the installation example below, I assume that this is the only Windows 2000 server on the network.
If you have no special needs for the configuration, then you can simply follow the
instructions of this wizard to configure your system:
- select "This is the only server in my network"
- continue with "Next":
This selection would "automatically configure" the server with all required components:
- the Active Directory
- a DHCP server
- a DNS server (which is required for the Active Directory)
The wizard would define for me the IP address for the server and the subnet for my complete network,
which I did not like: I needed to use a different IP address. I decided therefore to cancel this step and
to follow the advice to go back to "Home" and select the other option: "One or more servers are
already running in my network":
No more fully automated installation by a wizard: we now need to select manually the services to be
installed from the menu on the left.
You have the possibility to read more about the details of domain controllers and how to define
multiple domain controllers in a network. (Since this example assumes only ONE Windows 2000
server on the network, I will not discuss here the terms "Tree" and "Forest".)
Important:
the installation of the Active Directory requires that at least ONE partition on the hard disk is
formatted with NTFS. If you do not yet have such a partition, you can cancel the installation of the
Active Directory here, prepare a partition in NTFS and then restart this configuration.
It is up to you to decide which partition to use with NTFS. I personally prefer to keep the C-drive
("system drive") in FAT format, so in this example I formatted the F-drive in NTFS. Bear in mind that
a FAT system drive cannot carry NTFS permissions, so the operating system files of the domain
controller are then unprotected against any local user; for a production domain controller, format every
volume with NTFS.
just "Next"
Again, we are installing a first domain controller and for this domain, we need to
create a new domain tree.
Like in nature, trees usually grow in a forest , and using this comparison, we need
to define the forest for our domain tree.
In general, each new top-level domain name (like JHHOME.COM) would be a new forest.
Since this is our first domain, we need to create a new "forest" for our "Domain Tree" (which is then
the only tree in our forest). Here is a difference compared to nature: one tree is just one tree and not a
forest, but with computers it is just a matter of definition.
It is now required to define the name of the new domain.
To avoid problems, I am redefining my domain name to be now "JHHOME.COM", which looks like an
Internet domain name. (I am not sure, but if you insist on using no "dot-something", Windows 2000
may add ".COM" itself.)
It does NOT matter whether this name is registered and in use already on the Internet, because you
will be using it only on your own network, and as long as you are not registering this domain name as
an Internet domain name, it will NOT be known to Internet users. The reverse problem is worth
avoiding, though: if somebody else registers the name you chose, your internal DNS will answer for it
and your users can no longer reach that public site, so the safer choice is a name you own or a
subdomain of one (for example ad.yourcompany.com).
While a network with ONLY Windows 2000 systems can work using only DNS, any network with
"legacy" versions of Windows (WfW, Windows 95/98/ME, Windows NT4) requires the use of
NetBIOS, either using the NetBEUI protocol or using "NetBIOS over TCP/IP", for which I need to
define a NetBIOS-compatible domain name. Here I can now use the name of the workgroup, which I
would like to change to a domain.
You need to define the location for the database and log file of the Active Directory.
(On my system, I did not have 200 MB of free disk capacity on my C: system drive, so I was forced by
the installation wizard to store this information on a different drive.)
Remember the window with the information on the Active Directory stating the need for a partition in
NTFS?
The SYSVOL folder will later be visible as a share in "Network Neighborhood" or "My Network
Places" and holds the logon scripts and Group Policy files that every client reads at logon. To be able
to control access to these files, that partition must be NTFS, since it is not possible to define access
rights on a FAT partition.
Active Directory is based on using a DNS server. Since I did not yet install / configure a DNS server,
it is now required to install it.
Again the question: will you have a network with some "legacy" systems (= all pre-Windows 2000,
like Windows 95/98/ME/NT4)?
This password is the Directory Services Restore Mode password, the local administrator credential
used when the domain controller is booted to restore Active Directory. Let's hope that we never have
to use it for a Restore operation, but record it somewhere safe: it is independent of the domain
Administrator password, and whoever holds it has full control of the directory database on that
machine.
Selecting now "Next" will start the installation of the Active Directory and of the DNS server.
You may have to be patient now for a LONG time: please, just WAIT!
You may have to insert your Windows 2000 CD-ROM or point the wizard to the installation files on
the disk (if you copied them from the CD-ROM to an I386 folder, as is often done on NT installations).
Click "Finish" to complete the wizard.
After logging on again, you will be shown again the window for "Configure Your Server":
the information has changed, since you did already make the basic configuration.
You can now select to NOT "Show this screen at startup".
If you need to change your configuration and make the system again a Stand-
alone server, you can un-install Active Directory.
2.4 Installing and Configuring DHCP Server
Introduction
DHCP server is a server that dynamically allocates IP addresses to client machines using the Dynamic
Host Configuration Protocol (DHCP). DHCP servers perform the server-side operation of the DHCP
protocol. The DHCP server is responsible for answering requests from DHCP clients and leasing IP
addresses to these clients.
DHCP servers should have static IP addresses. A DHCP server gives DHCP clients at least two pieces
of TCP/IP configuration information: the client’s IP address and the subnet mask. Additional TCP/IP
settings can be passed to the client as DHCP options.
NB.
Automatic Private IP Addressing (APIPA): if no DHCP server answers, a Windows client gives itself
an address in the 169.254.0.0/16 range with no default gateway, so it can talk only to other APIPA
hosts on the same segment. A client sitting on a 169.254 address is therefore the first sign that the
DHCP server was not reachable.
How It Works
DHCP is a client-server protocol that uses DHCP servers and DHCP clients. A DHCP server is a
machine that runs a service that can lease out IP addresses and other TCP/IP information to any client
that requests them. For example, on Windows 2000 Server or Windows 2000 Advanced Server you
can install the Microsoft DHCP Server service to perform this function. The DHCP server typically has
a pool of IP addresses that it is allowed to distribute to clients, and these clients lease an IP address from
the pool for a specific period of time, usually several days. When the lease is about to expire, the client
contacts the server to arrange for renewal.
DHCP clients are client machines that run special DHCP client software enabling them to communicate
with DHCP servers. All versions of Windows include DHCP client software, which is installed when
the TCP/IP protocol stack is installed on the machine.
DHCP clients obtain a DHCP lease for an IP address, a subnet mask, and various DHCP options from
DHCP servers in a four-step process: the client broadcasts a DHCPDISCOVER, each server that hears
it answers with a DHCPOFFER, the client broadcasts a DHCPREQUEST for the offer it accepts, and
the chosen server confirms the lease with a DHCPACK (or refuses it with a DHCPNAK).
Graphic 5.4.1 Dynamic Host Configuration Protocol (DHCP).
DHCP lease renewal consists only of steps 3 and 4 (request and acknowledgement), sent directly to the
leasing server when 50 percent of the lease time has expired; if that server does not answer, the client
broadcasts the request to any server once 87.5 percent of the lease time has passed.
Create a plan.
Before you configure your DHCP server, it is a good idea to have all your ducks in a row. Prepare and
have all the necessary information up front before sitting down and configuring your server. For
example, you may need to know:
The scope of IP addresses that your server will manage (e.g., 192.168.1.50 to 192.168.1.200).
Which machines require static IP addresses (i.e., machines such as servers and routers that will not
use DHCP to receive their IP addresses but will be set manually).
Which network information you want to send out to DHCP clients when they get their IP addresses
(e.g., the addresses of your default gateway, DNS servers, and WINS servers).
It is much easier to configure your DHCP server with this information at hand rather than scrambling for
it at implementation time. The following are the general steps for installing and configuring DHCP:
Install the Microsoft DHCP Server service.
Create a scope: a pool of valid IP addresses must be configured before a DHCP server can lease IP
addresses to DHCP clients.
Configure options at the server (global) level, at the scope level, or for an individual reserved client.
Authorize the DHCP server in Active Directory.
Add reservations where the DHCP server should always assign the same IP address to the same
DHCP client.
Figure A
Figure B
Creating a DHCP Scope
Before a DHCP server can lease an address to DHCP clients, you must create or define a scope. A
scope is a list of valid IP addresses you want the DHCP server to be able to assign to clients. When a
machine requests TCP/IP information from the DHCP server, the information is provided from the
scope you created. There are two types of scope options: Global and Scope. Global options are
propagated to all the scopes that you create on that DHCP server, while Scope options are only for the
individual scope that you are working with. For example, if you have different scopes for several
different subnets and each subnet will have a different default gateway but will share the same DNS
servers, you would want to set the DNS servers as a Global option while the default gateways would be
set separately in each scope as a Scope option.
You must create at least one scope for every DHCP server.
You must exclude static IP addresses from the scope.
You can create multiple scopes on a DHCP server to centralize administration and to assign IP
addresses specific to a subnet. You can assign only one scope to a specific subnet.
DHCP servers do not share scope information. As a result, when you create scopes on multiple
DHCP servers, ensure that the same IP addresses do not exist in more than one scope to prevent
duplicate IP addressing.
Before you create a scope, determine starting and ending IP addresses to be used within it.
Depending on the starting and ending IP addresses for your scope, the DHCP console suggests a
default subnet mask useful for most networks. If you know a different subnet mask is required
for your network, you can modify the value as needed.
NB
Every DHCP server is required to have at least one scope. You can, however, create multiple scopes on
a DHCP server to administer different subnets.
Figure D
6. This window is where you specify all of your static IP addresses to exclude from your scope
(Figure E). Add any exclusions and click Next.
Figure E
7. Enter the amount of time the lease is active (Figure F) and click Next.
Figure F
Figure G
10. Enter the addresses of any WINS servers you configured on your network for resolving NetBIOS
names into IP addresses, as shown in Figure H.
Figure H
11. Choose Yes or No to indicate whether to activate your scope. There is still more work to be
done, so we will choose No, as shown in Figure I.
Figure I
12. Click Finish.
Superscopes
Some networks implement superscopes, which are collections of scopes that are grouped to allow
multiple logical subnets on one physical network. For more information on creating superscopes, see
Microsoft’s article Q161571: “Using DHCP ‘Superscopes’ to Serve Multiple Logical Subnets.”
Adding reservations
In addition to specifying exclusions, you can add reservations to your DHCP server. By adding a
reservation, you ensure that a machine always receives the same IP address from the DHCP server.
To add a reservation:
1. From the DHCP console, click the + sign next to the scope you created.
2. Click Reservations and select Action | New Reservation, as shown in Figure J.
Figure J
3. Enter a friendly name for the reservation and the IP address you want to assign to the computer
or device.
4. Enter the MAC address of the computer or device. (On Windows NT/2000 machines, you can find
the MAC address by running ipconfig /all at the command prompt of the machine.)
5. Enter a description and then choose the following reservation type: DHCP, BOOTP (going
across a router), or both, as shown in Figure K. Click Add.
Figure K
Figure L
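The four-step lease exchange described under How It Works and the scope, exclusion, reservation and option settings walked through above can be exercised together in one model. The following Python is an added example written for this text, not Microsoft's DHCP service and not part of the course material: the 192.168.1.x range, the MAC addresses and the lease time are constructed, time is a plain counter of seconds, and the authorization check is reduced to a flag the server consults before it answers.

```python
"""DHCP lease handling with a scope, exclusions, reservations and options.

Added example for this course text, not Microsoft's DHCP service. The
address ranges, MAC addresses and lease times below are constructed, and
time is a plain integer of seconds so the model runs offline.
"""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass


def ip_range(start: str, end: str) -> list[str]:
    lo, hi = int(ipaddress.ip_address(start)), int(ipaddress.ip_address(end))
    return [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]


@dataclass
class Lease:
    ip: str
    mac: str
    expires: int    # granted_at + lease time
    renew_at: int   # T1 = granted_at + half the lease time: client renews here


class Scope:
    def __init__(self, start: str, end: str, lease_seconds: int, options: dict[str, str]):
        self.pool = ip_range(start, end)
        self.lease_seconds = lease_seconds
        self.options = options                   # scope-level options
        self.excluded: set[str] = set()          # statically addressed hosts in the range
        self.reservations: dict[str, str] = {}   # mac -> fixed address
        self.leases: dict[str, Lease] = {}       # mac -> current lease
        self.active = False

    def pick(self, mac: str, now: int) -> str | None:
        """Address this client is entitled to: its reservation, its still
        valid lease, or else the first free address of the pool."""
        if mac in self.reservations:
            return self.reservations[mac]
        current = self.leases.get(mac)
        if current and current.expires > now:
            return current.ip
        busy = {lease.ip for lease in self.leases.values() if lease.expires > now}
        busy |= self.excluded | set(self.reservations.values())
        return next((ip for ip in self.pool if ip not in busy), None)


class DhcpServer:
    def __init__(self, global_options: dict[str, str]):
        self.global_options = global_options     # propagated to every scope
        self.scopes: list[Scope] = []
        self.authorized = False                  # set by "Authorize" in the console

    def handle(self, msg: dict, now: int) -> dict | None:
        """DISCOVER -> OFFER, REQUEST -> ACK or NAK. None means the server
        stays silent, which is what an unauthorized Windows 2000 DHCP server does."""
        if not self.authorized:
            return None
        mac = msg["mac"]
        for scope in (s for s in self.scopes if s.active):
            options = {**self.global_options, **scope.options}   # scope overrides global
            if msg["type"] == "DISCOVER":
                ip = scope.pick(mac, now)
                if ip:
                    return {"type": "OFFER", "ip": ip, "options": options}
            elif msg["type"] == "REQUEST" and scope.pick(mac, now) == msg["ip"]:
                lease = Lease(msg["ip"], mac, now + scope.lease_seconds,
                              now + scope.lease_seconds // 2)
                scope.leases[mac] = lease                  # first lease or renewal
                return {"type": "ACK", "ip": lease.ip, "expires": lease.expires,
                        "renew_at": lease.renew_at, "options": options}
        if msg["type"] == "REQUEST":
            return {"type": "NAK", "ip": msg["ip"]}        # not available to this client
        return None                                         # no active scope, or pool exhausted


def build_server() -> DhcpServer:
    """Constructed configuration following the console steps above."""
    srv = DhcpServer({"dns": "192.168.1.10", "wins": "192.168.1.10"})
    scope = Scope("192.168.1.50", "192.168.1.60", lease_seconds=8 * 24 * 3600,
                  options={"router": "192.168.1.1"})
    scope.excluded.update(ip_range("192.168.1.50", "192.168.1.52"))   # static servers
    scope.reservations["00-50-56-aa-bb-cc"] = "192.168.1.55"           # the printer
    scope.active = True
    srv.scopes.append(scope)
    return srv


def walkthrough() -> list[dict | None]:
    """The four-step exchange, a competing client, and a renewal at T1."""
    srv = build_server()
    pc1, pc2, printer = "00-11-22-33-44-01", "00-11-22-33-44-02", "00-50-56-aa-bb-cc"
    log = [srv.handle({"type": "DISCOVER", "mac": pc1}, 0)]               # None: not yet authorized
    srv.authorized = True
    log.append(srv.handle({"type": "DISCOVER", "mac": pc1}, 0))           # OFFER .53 (.50-.52 excluded)
    log.append(srv.handle({"type": "REQUEST", "mac": pc1, "ip": "192.168.1.53"}, 0))   # ACK
    log.append(srv.handle({"type": "DISCOVER", "mac": printer}, 1))       # OFFER the reserved .55
    log.append(srv.handle({"type": "DISCOVER", "mac": pc2}, 1))           # OFFER .54
    log.append(srv.handle({"type": "REQUEST", "mac": pc2, "ip": "192.168.1.53"}, 1))   # NAK: leased to pc1
    log.append(srv.handle({"type": "REQUEST", "mac": pc1, "ip": "192.168.1.53"},
                          log[2]["renew_at"]))                            # renewal: steps 3 and 4 only
    return log
```

Running walkthrough() shows the points made above in order: the unauthorized server stays silent, the excluded addresses are never offered, the printer gets its reserved address regardless of what is free, the DNS and WINS servers arrive as global options with the router as a scope option, a second client asking for an address already leased to another is refused with a NAK, and the renewal at T1 extends the lease without a new DISCOVER.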
3. Click Authorize and enter the name or IP address for your server (Figure M). Authorization is a
security control, not a formality: a Windows 2000 DHCP server checks Active Directory for its own
entry when it starts and will not lease addresses until an Enterprise Admin has authorized it, which
stops an accidentally installed or rogue Windows 2000 DHCP server from handing out wrong gateways
and DNS servers to your clients.
4. Now you're ready to activate your DHCP server and bring it online. Click the scope you created
and choose Activate from the Action menu (Figure N).
Figure N
Troubleshooting DHCP
After configuring DHCP, the easiest way to troubleshoot is to use Ipconfig from a command prompt in
Windows NT/2000. To view all TCP/IP information on a machine, type ipconfig /all at a command
prompt. To release a DHCP lease, type ipconfig /release; to renew a lease, type ipconfig /renew. An
address of the form 169.254.x.x in the output means the client fell back to APIPA because no DHCP
server answered.
On Windows 98 machines, you must use the Winipcfg utility to access TCP/IP information. You can
access this utility by choosing Start | Run and typing winipcfg. From there, you can click the Release
and Renew buttons to access the other options.
Chapter -Three
NETWORK ADMINISTRATION
3.1 Conceptualizing network administration
A network administrator is the person responsible for planning, configuring, and managing the
day-to-day operation of the network. A network administrator is also called a system administrator.
All network administrators are concerned with the same tasks regardless of which operating system
they use.
For example network administrator must perform the following tasks
- Create, rename, and delete a domain user account.
- Reset password for a domain user account
- Create and manage Groups
You create domain user accounts using the administrative tool called Active Directory Users and
Computers, a snap-in for the Microsoft Management Console (MMC). You can create domain user
accounts in the default Users OU or in any other OU that you have created in Active Directory.
1. Log on as Administrator.
2. Click Start, point to Programs, point to Administrative Tools, then click Active Directory Users
and Computers. Windows 2000 displays the Active Directory Users and Computers console.
3. Expand Microsoft.com (if you did not use Microsoft as your domain name, expand your domain)
and double-click Users in the details pane. Notice the default user accounts: which user accounts
did the Active Directory Installation Wizard create by default?
4. Right-click Users, point to New, then click User. Windows 2000 displays the New Object - User
dialog box.
5. Type the first name, last name and user logon name in the respective boxes.
6. Click Next to continue.
7. In the Password box and the Confirm password box, type the password (if you enter a password,
notice that it is displayed as asterisks). Leaving both boxes blank creates an account with an empty
password, which anyone who knows the logon name can use; avoid this.
8. Check the options you need:
User must change password at next logon
Select this if you want the user to change the password at next logon, so that only the user knows
the final password.
User cannot change password
Select this to prevent the user from changing the password (an administrator can still reset it).
Password never expires
Exempts this account from the domain's maximum password age policy; use it only for service
accounts that cannot handle expiry, not for ordinary users.
Account is disabled
Select this to prevent the user from logging on and gaining access to the network (to disable an
account).
To specify from which computers a domain user account can log on to the network:
1. In the console tree of the Active Directory Users and Computers console, expand Users.
2. In the details pane, right-click the domain user account for which you want to specify the
computers, then click Properties.
3. Click the Account tab, and then click the Log On To button.
4. Click The following computers and then type or add the name of each computer from which the
user may log on. (Windows 2000 matches these by NetBIOS computer name, so NetBIOS over
TCP/IP must be enabled on the clients for the restriction to work.)
5. Click OK to close the Log On To dialog box.
6. Click OK to apply your setting and close the user properties.
To set account expiration for a user account:
1. In the console tree of the Active Directory Users and Computers console, expand Users.
2. In the details pane, right-click the domain user account for which you want to set an expiration
date, then click Properties.
3. Click the Account tab.
4. Click End of in the Account expires area and then set the date. Setting this for temporary staff and
contractors ensures that the account stops working on its own if nobody remembers to disable it.
5. Click OK to apply your changes and return to the Active Directory Users and Computers
console.
3.2 Group Management
Group
A collection of user accounts. Groups simplify the task of network administration by allowing
administrators to group similar user accounts together in order to grant them the same rights and
permissions.
The scope of a group is the portion of the network where the group can be granted rights and
permissions. For example, a group whose scope is global can be granted permissions to resources
in its own domain and to resources in trusting domains. On the other hand, a local group created on a
member server or workstation can be granted permissions to resources only on the machine where it
was created.
On Microsoft Windows 2000 -based networks, groups are created using Active Directory Users
and Computers. Groups are stored as group objects within Active Directory.
There are two types of groups in Windows 2000–based networks:
Security groups: used to collect users, computers and other groups into manageable units. When
assigning permissions for resources (file shares, printers, and so on), administrators should assign
those permissions to a security group rather than to individual users. The permissions are assigned
once to the group, instead of several times to each individual user. Each account added to a group
receives the rights and permissions defined for that group. Security groups can be granted
permissions in order to control user access to network resources and have three different levels of
scope; in Windows 2000 they can contain users, other groups, and even computers.
Distribution groups: used for nonsecurity functions such as grouping users together to send e-mail.
Unlike security groups, these groups cannot be used to control user access to network resources.
These two types of groups are stored in Active Directory. There are three levels of scope for
security groups in Windows 2000–based networks:
Universal groups:
Can contain members from any domain and can be granted permissions to resources in any
domain in the current domain forest. Universal groups can contain user accounts, global
groups, and universal groups from any domain in the current forest. Note that you can
create universal security groups only when the domain is in native mode, not in mixed mode.
Global groups:
Can contain members only from their own domain, but can be granted permissions to
resources in any trusting domain. When the domain is in native mode, global groups can
contain user accounts and global groups from the same domain. When the domain is in
mixed mode, these groups can contain only user accounts. These groups are used to
organize users into common groups for administrative purposes, and they exist only on
Windows 2000/NT domain controllers.
Domain local groups:
Can be granted permissions only to resources in their own domain, but can contain members
from any domain: user accounts and global groups from any domain in mixed mode, and in
native mode additionally universal groups from any domain and domain local groups from the
same domain. The usual pattern is therefore to put users into global groups, global groups into
a domain local group, and grant the permission to the domain local group.
Three built-in global groups exist in every domain:
Domain Admins: Initially, this group contains only the Administrator account that was created
during setup. Only people with administrative responsibilities should be assigned to this group;
it is added to the local Administrators group of every computer joined to the domain, so a
member can administer every machine in the domain.
Domain Guests: This group contains the Guest account and is designed for organizing
temporary users of network resources and granting them access.
Domain Users: When a new user account is created, it is automatically added to
this group. The function of this group is to collect all ordinary users for the
purpose of assigning them permissions to resources on the network.
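The nesting and permission rules for the three scopes differ between mixed and native mode and are easy to get wrong when planning groups. The Python below is an added example written for this text, not a Microsoft tool, that encodes those rules as a table and checks a constructed two-domain design (eu.example.com and us.example.com, with users in global groups, global groups in a domain local group, and the permission on the domain local group); the domain, group and user names are invented for the example.

```python
"""Group scope rules for Windows 2000 domains, as a checkable table.

Added example for this course text, not part of any Microsoft tool. It
encodes the nesting and permission rules described above, including the
domain local scope; the domains, groups and users are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass

# Member kinds each group scope may contain, as (from the group's own domain,
# from another domain), per domain mode. Universal security groups do not
# exist in mixed mode, so "mixed" has no entry for them.
NESTING: dict[str, dict[str, tuple[set[str], set[str]]]] = {
    "mixed": {
        "global": ({"user", "computer"}, set()),
        "domain_local": ({"user", "computer", "global"},
                         {"user", "computer", "global"}),
    },
    "native": {
        "global": ({"user", "computer", "global"}, set()),
        "domain_local": ({"user", "computer", "global", "universal", "domain_local"},
                         {"user", "computer", "global", "universal"}),
        "universal": ({"user", "computer", "global", "universal"},
                      {"user", "computer", "global", "universal"}),
    },
}


@dataclass(frozen=True)
class Principal:
    name: str
    domain: str
    kind: str   # "user", "computer", "global", "domain_local" or "universal"


def can_add(group: Principal, member: Principal, mode: str) -> tuple[bool, str]:
    """Whether `member` may be made a member of `group` in a domain of this mode."""
    rules = NESTING[mode].get(group.kind)
    if rules is None:
        return False, f"{group.kind} security groups are not available in {mode} mode"
    same_domain, other_domain = rules
    foreign = member.domain != group.domain
    if member.kind in (other_domain if foreign else same_domain):
        return True, "ok"
    return False, (f"a {group.kind} group cannot contain a {member.kind} from "
                   f"{'another' if foreign else 'its own'} domain in {mode} mode")


def can_grant(group: Principal, resource_domain: str) -> bool:
    """Where a group may be named in a DACL: domain local groups only in their
    own domain, global and universal groups in any domain of the forest."""
    if group.kind == "domain_local":
        return group.domain == resource_domain
    return group.kind in ("global", "universal")


# Constructed forest with two domains and the recommended pattern:
# users -> global group -> domain local group -> permission on the resource.
BOB = Principal("bob", "eu.example.com", "user")
SALES_EU = Principal("Sales", "eu.example.com", "global")
SALES_LEADS_EU = Principal("Sales Leads", "eu.example.com", "global")
ALL_SALES = Principal("All Sales", "eu.example.com", "universal")
PRINT_OPS_US = Principal("Printer Operators", "us.example.com", "domain_local")


def check_design(mode: str) -> list[str]:
    """Problems with 'BOB prints in us.example.com' under the given mode
    (an empty list means the design works). Nesting a global group inside
    another global group is legal only in native mode, so the Sales Leads
    step is the one that breaks in mixed mode."""
    problems = []
    for group, member in ((SALES_LEADS_EU, BOB), (SALES_EU, SALES_LEADS_EU),
                          (PRINT_OPS_US, SALES_EU)):
        ok, why = can_add(group, member, mode)
        if not ok:
            problems.append(why)
    if not can_grant(PRINT_OPS_US, "us.example.com"):
        problems.append("Printer Operators cannot be granted rights in us.example.com")
    return problems


if __name__ == "__main__":
    for mode in ("mixed", "native"):
        print(mode, check_design(mode) or "design is valid")
```

The same table answers the planning questions that come up before switching a domain to native mode: which memberships will only become possible afterwards (global in global, universal groups at all) and which permissions a group can never hold outside its own domain (domain local).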
In short: if you have different departments and need to give every account in a department the same
access, you do not assign permissions to individual users. You create a group, make the user accounts
members of that group, and assign the permission only to the group. This simplifies network
maintenance and administration.
Security groups are used to collect users, computers and other groups into manageable units so that
permissions on resources (file shares, printers, and so on) are assigned once to the group rather than to
each user; each account added to the group receives the rights and permissions defined for it.
Distribution groups can only be used as e-mail distribution lists and have no security function.
Scope of a group: local groups are created on individual servers or workstations and can be granted
rights only to resources on that machine; global groups are created on domain controllers and can be
granted rights to any resource in the domain or in a trusting domain.
To create a global group:
1. Log on as Administrator.
2. Click Start, point to Programs, point to Administrative Tools, then click Active Directory Users and
Computers. Windows 2000 displays the Active Directory Users and Computers console.
3. Expand Microsoft.com (if you did not use Microsoft as your domain name, expand your domain)
and double-click Users in the details pane. Notice the default groups that the Active Directory
Installation Wizard created.
4. Right-click Users (or the organizational unit in which you want the group), point to New, then click
Group. Windows 2000 displays the New Object - Group dialog box.
5. Type the group name and select Global under Group scope (leave Security as the group type).
6. Click Next to continue.
7. Click Finish to close the wizard.
Chapter -Four
NETWORK TROUBLESHOOTING
While some pessimists have made a living troubleshooting hardware, so have some optimists. No
matter what you troubleshoot, the optimistic approach is always predictably the same—
methodical but successful. Stepping through a process of finding what's right may seem tedious at
first, but with practice it becomes very elementary. To illustrate the optimistic approach, consider
a common example of lost network connectivity. Suppose that Max, a user on your network,
cannot connect to the company intranet server to view his employee handbook. Here's the
optimist's way of resolving the problem.
1. Can I ping the intranet server by its host name from my system? Yes? Great: I have name
resolution, so DNS works, and since I can ping, network connectivity from my system to the server
is good.
2. Since I already found in step 1 that the server itself is reachable, I look for a network problem on
Max's computer. A quick look at his network interface card (NIC) shows that the cable is unplugged
from his workstation. Problem solved!
The process of troubleshooting a computer network can be divided into the following steps:-
1. Defining the problem (Identify the exact issue)
2. Documenting the History of the Problem
3. Analyzing the Current Environment
4. Correcting the problem
5. Testing the corrective action
6. Following up
7. Document the problem and the solution
cause of the problem. If the problem is server or network related, then most likely the user will
not be able to offer too many clues, except that many users likely will report the same problem.
In this stage of the troubleshooting process, you are only looking to identify the "what" of the
problem (exactly what is going wrong) and it needs to be documented. For example, "Max cannot
connect to the company intranet server by using its host name." could be a problem. Once you
have the problem documented, the next step is to look at the computer's, network's, and
application's history.
Many problems are fixed by simply undoing something that was done earlier. Perhaps the
installation of a new driver is causing the network card to no longer function. In this case, you
could simply roll back to the previous driver or reinstall the correct driver. While this example
may seem elementary, problems such as this one have the potential to turn in to multihour
adventures simply because the technician failed to ask the user a few questions.
Once a problem is reported, ask the user what, if anything, was recently done to the computer.
Good questions to ask include these.
3. Does a single user or all users on the system experience the problem?
4. When was the last time the system was backed up?
6. Is the problem related to certain software you run or something you do?
As you continue to ask questions, you can begin to focus on the following list:
1. Are you or all users affected by the problem? (If only one user has a problem, the user's
workstation is probably the cause.)
2. Did the problem exist before the operating system upgrade? (Any change in operating system
software can cause new problems.)
3. Are there new users on the network? (Increased traffic can cause logon and processing delays.)
4. Does the problem appear with all applications or only one? (If only one application causes
problems, focus on that application.)
For company-wide problems, your best course of action is to check with the IS department
manager. If your Exchange server, for example, had to be taken down for a reboot when an
application was installed and you were unaware of the issue, you may wind up wasting time
troubleshooting a user's Outlook client configuration, when all that was needed was to tell the
user to wait a few minutes. This will save you the embarrassment of saying, after looking at the
user's Outlook setup, "I don't know what I did, but I must have fixed it!"
Aside from arriving at system history from interviewing the users, don't forget that many
operating system occurrences are automatically recorded in the event log, which is a great place
to find information on a computer's history.
To access the Event Viewer, click Start > Administrative Tools > Event Viewer.
Two event logs that consistently provide system history information are the system
log and the application log.
With history documented, you should next turn your attention to analyzing the current network
and local system environment. The type of problem, whether it is local or network related,
determines your course of action in this phase. When you examine the environment, attention
should primarily be focused on the following areas:
- Network configuration
- Installed applications
If time and resources permit, another aspect of analysis is to compare the problem system with a
known good system. Each of these facets of the environment analysis is described in the next six
sections.
Several problems occur that are simply bugs in the operating system and can often be solved by
upgrading the operating system to the latest service pack or by installing a hotfix. Service packs
are tested improvements to the OS that normally fix up to hundreds of small problems and
sometimes add additional features to the operating system. On the other hand, hotfixes are used
to fix a single problem that requires immediate attention. Since hotfixes are not as thoroughly
tested as service packs, you should only install a hotfix when it is needed.
You can determine if an operating system is at its current required service pack/hotfix state by
running Windows Update, provided that the system has Internet connectivity. Beginning with the
XP/W2K3 Windows platforms, you can configure the Windows Update service to automatically
download critical updates, thus automatically keeping your systems current. This is especially
useful with your IIS servers, when security vulnerabilities are found on nearly a monthly basis.
Many unusual workstation or server problems can be attributed to a virus. Even if your network is
not connected to the Internet, you may want to install antivirus software, since many viruses enter
enterprise-scale corporate networks by being brought in on a user's floppy disk. On the other
hand, if your network is connected to the Internet, antivirus software can give you a false sense of
security. To prevent this, many organizations today are blocking outbound access to most Hotmail
sites, thus not even giving the users the opportunity to bring viruses into the network via their
personal mail. No one can make a firm argument that accessing personal mail from the desk at
work is a business necessity, so if you do plan to block outbound access to these sites, you
shouldn't get much of an argument. Oftentimes, problems that appear to be an operating system
or application failure are the result of an undetected virus. Failure to first rule out the possibility
of a virus (by running a virus scan using up-to-date antivirus software) may cause you to waste
hours of unnecessary troubleshooting time. Some technicians have gone so far as to waste hours
reinstalling an entire operating system, only to have the problem return, which would be the case
if a boot sector virus was never properly removed. Antivirus software can go a long way toward
ruling out one possible cause when you are faced with diagnosing operating system and application
faults.
Now let's suppose that you have the latest and greatest antivirus software installed on all your
workstations and servers. To be protected against viruses, you should be able to answer "Yes" to
each of these questions:
- Are periodic virus scans scheduled so that they run automatically on each system?
- Is each system configured so that it will automatically download the latest virus
signatures?
If you answered "No" to one of these questions, then your network is not as safe as it should be. In
many situations, a company's data is its value, so not having a budget to purchase and implement
an enterprise-class antivirus solution is simply an excuse for the misinformed. Unfortunately,
some organizations don't learn the value of antivirus software until it stops business production
for one or several days.
Network Configuration
The next environment and local computer settings to examine should be the network
configuration. The fastest means to find the network configuration settings on a computer is to
run the ipconfig /all command from the command prompt. The command's output is shown in
Figure 7-1.
Figure 7-1: ipconfig /all output
Information on each network interface is displayed in the command output, including all the
important TCP/IP configuration information.
Installed Applications
Next, note the applications installed on the system. Does the problem occur when an application
executes? Was a new application recently installed, and has its installation resulted in the
reported problem? Does the problem only occur when a particular application is printing? If you
can get a "Yes" answer to any of these questions, then you are in luck since these types of
application-related problems can be reproduced, and thus you can duplicate the fault yourself.
If the application has services that run on startup, a quick check is to note the application's related
services and their dependencies. There may be a hung service that is at the root of the problem.
Most likely, as mentioned earlier in the Documenting the History of the Problem section, you will
find evidence of this type of problem in the application log in the Event Viewer.
Remember, each of these checks is nothing more than clues to help you solve the mystery of the
reported fault. In noting the installed applications and their relevance to the fault, you are
collecting evidence that may aid in the eventual problem resolution. For software-related
problems that integrate with hardware, another fault possibility to closely scrutinize is firmware,
which is covered next.
If resources and time permit, another proven method for isolating faults on a system is to compare
it with a known good reference. If you have two identical workstations, for example, you could
compare the settings of each. If one system is not able to access the network, moving it to another
desk with a known good connection allows you to eliminate or confirm that the network is the
problem.
For software-related faults, you could compare network settings, such as DNS or WINS server
addresses, or subnet masks. For troubleshooting a network with which you are not familiar,
comparing the settings of two computers is often an easy way for you to quickly learn the
software configuration on the network. Otherwise, if it is a network that you have been managing
for some time, you probably already know the correct configuration information, and this would
be an unnecessary step.
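As an added example (not part of the original module), a small Python script that parses the kind of ipconfig /all output shown in Figure 7-1 and compares the problem workstation's settings with those copied from a known good workstation, as described above. The sample output, the host names and the reference values are all constructed for the example.

```python
import re
# Constructed "ipconfig /all" output from the problem workstation (made up
# for this example, not captured from a real host).
PROBLEM_HOST = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : WKS-07
Ethernet adapter Local Area Connection:
   Description . . . . . . . . . . . : 3Com EtherLink XL
   IP Address. . . . . . . . . . . . : 192.168.10.57
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.5
                                       192.168.10.99
   Primary WINS Server . . . . . . . : 192.168.10.6
"""
# Reference values copied from a known good workstation on the same segment
# (constructed). IP addresses are expected to differ, so they are not compared.
KNOWN_GOOD = {
    "Subnet Mask": ["255.255.255.0"],
    "Default Gateway": ["192.168.10.1"],
    "DNS Servers": ["192.168.10.5"],
    "Primary WINS Server": ["192.168.10.6"],
}
# "<setting> . . . : <value>" lines; the dotted leader marks a new setting.
_KV = re.compile(r"^\s+(?P<key>[A-Za-z][^.]*?)\s*(?:\.\s*)+:\s*(?P<val>.*)$")

def parse_ipconfig(text):
    """Return {section: {setting: [values]}}. Indented lines without the
    dotted leader continue the previous setting (extra DNS servers)."""
    sections, section, key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # adapter or section header
            section = line.rstrip(":").strip()
            sections[section] = {}
            key = None
            continue
        m = _KV.match(line)
        if m:
            key = m.group("key").strip()
            sections[section][key] = [m.group("val").strip()]
        elif key is not None:              # continuation value
            sections[section][key].append(line.strip())
    return sections

def compare_to_reference(settings, reference):
    """List (setting, expected, actual) for each reference setting that differs."""
    return [(name, exp, settings.get(name, [])) for name, exp in reference.items()
            if settings.get(name, []) != exp]
```

Running compare_to_reference on the "Local Area Connection" section of the sample reports the wrong subnet mask and the extra DNS server, the two settings a technician would fix before looking further.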
Check the simple stuff
The correct login procedure and rights
Users must follow the correct login procedure exactly; a user can sometimes cause a problem:
- By typing the wrong user name or password, including leaving the Caps Lock key
pressed.
- If a user doesn't log in at the right time or from the right workstation, the network
OS will reject the login request.
- If the user tries to establish more connections than allowed, access will be denied.
To test for this kind of problem:
- First check to see if the user has typed their login correctly.
- Make sure Caps Lock isn't active.
- Try to log in from another workstation.
- Check the network documentation to see if there is a restriction.
The link light
o The link light is a small light-emitting diode (LED) found on both the NIC and the hub
indicating that they are making a logical connection.
o It is typically green; if the link lights are lit on both, the workstation is connected.
Hardware problems can be hard disk failures, bad patch cables, or failures of connectivity
devices such as hubs and switches; some components may just suddenly fail.
The solution to a hardware problem usually involves either changing a hardware setting or
replacing hardware.
In addition, I/O address, IRQ and DMA conflicts can cause computers to malfunction.
The cable
Check to see if the cables are properly connected to the correct port. If you test the NIC
and there is no link light, the problem could be related to a bad patch cable.
E.g., a "Disk full" message (indicating that the disk cannot store any more files on it).
Step 4: Correcting the Problem
Once you have identified the problem, you will be faced with choices on how to correct it. While an
optimal fix for any problem normally exists, several workarounds probably do as well. The way
you go about correcting a problem can be just as important as the process of identifying the
problem in the first place. This section addresses how to approach correcting problems once you
have found them and looks at the consequences of the many workaround solutions.
Your time is valuable, just as it is for the network users, so if you can fix a problem in minutes,
then do so. When a server or system needs to be brought up as quickly as possible, performing a
restore from backup might be the fastest approach. Of course, if your problem is with a high-
gigabyte or -terabyte file or a database server, then restoring from backup will most likely be the
last resort.
For workstations, if you have a clone image from imaging software such as Ghost, or from
Microsoft's Remote Installation Service (RIS), then you could perhaps consider reimaging the
machine. If all of the user's business-related files are stored on a server, then reimaging the user's
system should be your first course of action. The user, on the other hand, may not like losing all of
his or her MP3s and other personal files stored on the workstation, but downloading some non-
business-related application may have been what caused the problem in the first place.
Unfortunately for you, the decision to reimage or not to reimage might be driven by politics. If the
CEO's laptop is having problems, odds are that you will be tasked with fixing the system at all
costs, and reimaging would become the absolute last resort.
Another example: if you determined earlier that the cause was improper configuration of
DNS/DHCP lookup on the server, you will configure it again.
Now that you have corrected the problem, make sure that you test your corrective action first
before sending out an e-mail alerting the company that you have triumphantly (successfully)
conquered the problem. Just because your system can connect to a server that was down, or you
can now run a problematic application on a terminal server, don't assume that everyone can. On
several workstations, including the workstation from where the problem was originally reported,
verify that your solution has successfully resolved the problem.
Many troubleshooters have made the mistake of proclaiming victory too soon, only to realize that
what works on one system still fails on all others. If you had to update software on several
terminal servers, Internet servers, or intranet servers, test connectivity to all servers that were
updated, and not just a select few, to ensure that the update completed successfully.
Step 6: Following Up
If you cannot permanently resolve a problem and you simply institute a hack to work around the
true problem, don't forget to follow up and budget time to fix the real problem. If you use Outlook,
you may consider placing a follow-up event at a later date in your calendar with a reminder for
the event. This way, you can ensure that you will not forget to follow up your corrective action
with any additional work.
If user error was the source of the problem, you may need to train the user on his or her mistake.
Explain the problem and the solution using simple words. If multiple users are making the same
mistake, then scheduling instructor-led group training may be the best course of action, to prevent
the fault from recurring in the future.
Aside from users, also make sure to check at periodic intervals that your corrective action has
improved performance on the systems and network components themselves. The application and
system event logs should be periodically scanned on the problem systems in the weeks that follow
the corrective action, to verify that no residual problems remain.
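As an added example (not from the original module) of the event-log follow-up described above, and of using the application log as a record of a system's history, a Python script that scans an exported application log for errors and warnings logged after the corrective action and flags the sources that were already noisy before the fix. The log lines, the sources, the tab-separated layout and the fix time are all constructed for the example; the layout is not the exact format of any Event Viewer export.

```python
from collections import Counter
from datetime import datetime

# Constructed application-log export, tab separated as
# type, date, time, source, event id, message (an assumed layout for
# this example, not the exact Event Viewer export format).
EXPORT = """\
Error\t2004-03-01\t09:12:44\tMSExchangeIS\t9518\tError starting storage group
Warning\t2004-03-01\t09:13:00\tPrint\t3\tPrint job failed to spool
Information\t2004-03-01\t10:05:10\tMSExchangeIS\t1000\tService started
Warning\t2004-03-03\t08:30:02\tPrint\t3\tPrint job failed to spool
Error\t2004-03-04\t14:41:59\tApplication Hang\t1002\tOutlook.exe stopped responding
Warning\t2004-03-05\t07:15:00\tPrint\t3\tPrint job failed to spool
Information\t2004-03-05\t07:20:00\tWindows Update\t18\tUpdate installed
"""

# Time of the corrective action (constructed).
FIXED_AT = datetime(2004, 3, 1, 12, 0)

def parse_export(text):
    """Yield (timestamp, type, source, event_id, message) for each line."""
    for line in text.splitlines():
        if line.strip():
            kind, day, clock, source, event_id, message = line.split("\t", 5)
            yield (datetime.fromisoformat(f"{day}T{clock}"), kind, source,
                   int(event_id), message)

def residual_problems(text, fixed_at, kinds=("Error", "Warning")):
    """For every (source, type) still logging errors or warnings after the
    corrective action, return (count_after, seen_before_fix). A source that
    was noisy before the fix and is still noisy afterwards was not cured."""
    after, before = Counter(), set()
    for stamp, kind, source, _eid, _msg in parse_export(text):
        if kind not in kinds:
            continue
        if stamp > fixed_at:
            after[(source, kind)] += 1
        else:
            before.add((source, kind))
    return {key: (n, key in before) for key, n in after.items()}

if __name__ == "__main__":
    for (source, kind), (n, recurring) in residual_problems(EXPORT, FIXED_AT).items():
        print(f"{source} ({kind}): {n} after fix, "
              f"{'recurring' if recurring else 'new'}")
```

On the sample data the Exchange error disappears after the fix, the print spooler warning is recurring, and the Outlook hang is a new problem that needs its own follow-up.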