Network Module Practical II

Chapter One

INSTALLING PEER TO PEER NETWORK

1.1 Conceptualizing Peer-to-Peer network


A peer-to-peer network, also called a workgroup, is commonly used for home and small
business networks. In this model, computers directly communicate with each other and do
not require a server to manage network resources. In general, a peer-to-peer network is most
appropriate for arrangements where there are fewer than ten computers located in the same
general area. The computers in a workgroup are considered peers because they are all equal
and share resources among each other without requiring a server. Each user determines
which data on their computer will be shared with the network. Sharing common resources
allows users to print from a single printer, access information in shared folders, and
work on a single file without transferring it to a floppy disk.
In order to establish a peer-to-peer network, you must ensure that all of the necessary
hardware, protocols, services and settings are configured properly. This includes:

• Hardware Components
- Computers: A minimum of two computers is required to establish a peer-to-peer
network.
- Installing a network adapter, also called a Network Interface Card (NIC).
Each computer that you want to be part of the network must have a standard network
adapter installed. A network adapter is installed on your computer's motherboard and is
used to access a network. When you install a network adapter, the operating system
creates a local area network (LAN) connection for you. It appears, like all other
connection types, in the Network and Dial-up Connections folder in Control Panel. Each
time you start your computer, Windows XP / 2000 detects your network adapter and
automatically starts the local area connection.
• Steps to install the NIC driver
1. First log on as Administrator.
2. Right-click My Computer → click Manage.
3. Select “Device Manager” → select Network adapter from the content
pane → right-click → click Properties → select the Driver tab → click
Reinstall.
4. Insert the motherboard CD (if your NIC is attached to the motherboard) or insert
the floppy disk (if your NIC is on a card; different types: 3Com, SiS, Realtek) → follow
the procedure.
5. But in XP the OS detects the NIC, so there is no need to insert the CD/floppy disk.
- Cables: are used to physically connect the computers on the network.
Normal/Straight-through Cable: Connect Computer to Hub.
Cross-over Cable: Connect Hub to Hub.

- Network connectivity device: Hub and Modem

Depending on the size of your network, you may also need a network hub to provide
interconnection between PCs on the peer-to-peer network. Two PCs can connect using a
crossover cable, but if you have three or more computers in your network you need to buy
a hub or multi-speed hub (called a switch).

- Shared Resources and peripherals: like printers, plotters, storage devices, etc.
• Connecting the computers. You will need to decide which design layout, or
topology, will work best for your network. Some common topologies are bus,
star, and ring. The topology you choose will determine what type of cabling
and connectors you will need. For example, a standard network configuration
(star) uses UTP cables to connect each computer to a centralized component called a
hub. Hubs serve as distribution points for the entire network. One of the primary
advantages to using a hub is that a failure in a single cable or computer affects only the
computer using that cable; the rest of the network will keep functioning. Many different
types of hubs are available and the type you choose will depend on the network type
and cabling used. However, your hub must simply have enough ports to connect all of
your computers.
• Installing a network protocol and service, which is the software that allows you to
connect to other computers on the network.
o Client: Client for Microsoft Networks - Allows your computer to access
resources on a Microsoft network
o Service: File and Printer Sharing for Microsoft Networks - Allows other computers to
access resources on your computer using a Microsoft network
• Installing the correct network protocol. Each computer must be using a compatible
network protocol, such as NetBEUI, IPX/SPX, or TCP/IP.
o Protocol: Internet Protocol (TCP/IP) & NetBEUI - a protocol that provides
communication between computers across the network.

• Steps to install network protocols and services

Once you have installed the necessary hardware and connected the computers,
you need to install the appropriate protocols and services on each computer using
the following steps:
1. First log on as Administrator.
2. Right-click My Network Places → click Properties.
3. Right-click Local Area Network → click Properties, or
double-click Local Area Network.
4. Click the Install button to install network components.
5. Select the network component you want to install (Client, Service or
Protocol) and click the Add button.
Client: Client for Microsoft Networks
Service: File and Printer Sharing for Microsoft Networks
Protocol: Internet Protocol (TCP/IP) & NetBEUI

1.2 Configuring the Workgroup


Windows XP/2000 provides a workgroup model that organizes computers in a peer-to-peer
network into groups. These groupings help each user easily find other computers on the
network. You must identify each computer with a unique name and join it to the workgroup in
order for other users to access it on the network. It is better to set up the same
workgroup on all computers. The computer name is displayed under the workgroup name to
other users when they browse the network. Many people use their name to identify their
computer, but any meaningful name will work.

• Steps to join a workgroup

1. Log on as an Administrator.
2. Open System in Control Panel, or right-click My
Computer and click Properties.
3. Click the Computer Name tab (in Windows XP) or the Network
Identification tab (in Windows 2000), and then click the Change button.
4. In Computer name, type your computer name.
5. Under Member of, click Workgroup, type the name of
the workgroup that you want to join, and then click OK.

Note:
• A workgroup name must not be the same as the computer name.
• A workgroup name can have as many as 15 characters, but it cannot contain any of
the following characters :;”<>*+=\|?’.
• A computer name cannot be more than 15 characters and it must be unique (you cannot
use a name already in use on the network).
• If your computer was a member of a domain before you joined the workgroup, it will be
disjoined from the domain and your computer account will be disabled.

1.3. Sharing and Accessing Resources


After all the necessary network components are installed and configured, users can designate
documents and resources on their computer as shared resources, which can then be accessed by
other network users.

Advantages of Sharing
When you turn on file sharing, you can determine what resources are available in the network. All the
computers on the network can use the resources that you enable for sharing. For example, you can
enable the following resources for sharing:
• Folders
• Drives
• Printers
• Internet access
Resources that are not set up for sharing remain private.

There are many advantages to sharing devices and files:


• You can easily copy or move files from one computer to another. You can share
work on files on different computers.
• You can access a single device, such as a printer or a ZIP drive, from any computer.
• One Internet access point is sufficient for several computers to use the Internet at
the same time.

Sharing Files
When a computer allocates resources, it assumes server functions. Any computer in a
peer-to-peer network workgroup can do so. You must configure file and printer
sharing for a computer to act as a server. You set up this functionality when you
installed the network card. Therefore, you can already share a file or files that you
want to use on other computers.
To share a file, follow these steps:
1. Locate a folder on the computer.
2. Right-click the file that you want to share, and then click Sharing and
Security to view additional settings.

3. The next two windows only appear when you are setting up your first
shared item. Windows notifies you that sharing data presents a certain
security risk. Therefore, remote access is turned off by default. Click the
Security warning message, click Just enable file sharing, and then
click OK.

4. Now you can share data. Click Share this folder on the network, and
then type a share name. You can use this name later to access the
data. The share name and the folder name do not have to be the same.

5. Specify whether the data that is accessed over the network can be
changed, and then click OK.
6. The icon for the shared folder appears with a picture of a hand.

You can use the same method to share whole drives, including the following drives:
• Hard disks or partitions
• CD ROM drives
• ZIP drives
To stop sharing, right-click the file that is shared, click Sharing and
Security, and then clear the Share this folder on the network check
box. When you do so, this resource no longer appears under this
computer name. However, the folder link directly in the network
environment remains. It is no longer available unless you set it up for
sharing again. When a user tries to access the folder, they receive a "No
access" message.

Note
• If the Share this folder on the network check box is unavailable, this computer is not on a
network.
• The sharing option is not available for the Documents and Settings, Program Files, and WINDOWS
system folders.
• You cannot share a folder if you remove the File and Printer Sharing service and the QoS protocol.

Creating an Internet Connection


Your network is now fully functional. If you have already set up an Internet
connection, optimize the configuration. Make sure that File and Printer Sharing and
Client for Microsoft Networks are turned off in the dial-up connection (only here), and
make sure that the Internet Connection Firewall is turned on. A dial-up connection to
the Internet does not use these services, and the firewall provides some protection
against malicious users. To optimize the configuration, follow these steps:

1. Click Start, click Control Panel, and then click Network Connections.

2. Right-click the dial-up connection, and then click Properties.


3. Click the Networking tab, and then click Advanced to confirm the following settings:
• The Client for Microsoft Networks check box and the File and Printer
Sharing for Microsoft Networks check box are not selected.
• The Internet Connection Firewall check box is selected.

4. Click OK.

To access the shared folder


There are several methods for users to access shared folders in the network:
o Browsing the network
o Using the Run command
o Using mapped network drives

Browsing the network in XP


To access the shared folder, Double-click on My Network Places.

You can access the shared folder in the following ways:


• Directly on the top level
• Hierarchically on the computer level
When you open My computer, the shared resources for all the computers in your small
network are listed next to each other. You can find the required folder under
Share_name on Computer_name.

If you entered a computer description when you assigned a computer name, you must
search for Share_name on Computer_description (Computer name).

If you work your way down to a specific computer in the network, you will see only
the shared resources on this one computer. Click View workgroup computers,
double-click the computer names (either as Computer_name or as
Computer_description [Computer name]), and then search for the name of the shared
file.

If you click Allow network users to change my files, you can view, copy, move,
change and delete files in this folder on any computer in this network. You can add
new files and access subfolders and files.

In Windows 2000
Double-click My Network Places → open Entire Network → open Workgroup name.
Class IT → Computer Name → Shared folder.

Using Mapped network drives


Mapping a network drive lets you display a network resource in My Computer or
Windows Explorer, which makes your network resources easier to find. Use Map Network
Drive for network resources you use frequently or when you know the exact network path and
name of the resource you want to connect to.
To assign a drive letter to a network resource
- Open My Computer.
- On the Tools menu, click Map Network Drive, or right-click My Computer and click Map
Network Drive.
- In Drive, select a drive letter.
- In Folder, type the server and share name of the computer or folder you want.
Note
• To reconnect to the mapped drive every time you log on, select Reconnect at logon.
• Mapped drives are available only when the host computer is available.
To disconnect from a mapped network drive
- Open My Computer and, on the Tools menu, click Disconnect Network Drive.
- Select the drive from which you want to disconnect, and then click OK.

Using run Window


To open a shared folder from a remote computer
- Click Start → open the Run window.
- Type \\computer name\shared folder name and press Enter.

1.4. Configuring Security Settings
Now that users can freely access shared resources on the network, you should also ensure
that the data on each computer and the network is protected. Windows XP/2000 provides a
security infrastructure that allows you to determine the safeguards for your data and
applications.
These features help you to identify the people on the network, restrict access to resources,
and set policies for how people can use them.
• To restrict access to the resources (files)
- While you share your folder, click the Permissions button.
- Give a privilege to access your file (Full control, write, read).
- And click OK.
• Hiding the shared resources from users in the network
- You can hide the shared resources from users by typing $ as the last character of the
shared resource name.
Example: Share name New$
• You can browse your hidden shared resources using the Run window.
• Making your folders private
If you don’t want others to access your files:
- Open the Documents and Settings folder (usually on drive C:\).
- Right-click any folder in your user profile and click Sharing and Security.
- Select the Make this folder private so that only I have access to it check box.
- Click OK.
Note
• If you don’t make your folders private, they are available to everyone who uses your
computer.
• When you make a folder private, all of its subfolders are private as well.
For example, when you make My Documents private, you also make My Music and My
Pictures private.
• You cannot make your folders private if your drive is not formatted with the NTFS file
format.
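
The point about hidden shares above, as an added example (not part of the original module): a trailing $ only keeps a share out of the browse list, so the Run window path still opens it and the Permissions settings remain the real access control. The Python script below parses a captured `net share` listing (constructed sample data; all function names are this example's own) and reports user-created hidden shares and whole-drive shares so their permissions can be reviewed.

```python
"""Review a captured `net share` listing for shares that need a permissions check.

Added example. SAMPLE is constructed data laid out like `net share` output;
on a real computer, save the command's output to a file and pass its text to audit().
Assumes every share name fits in the first column of the listing.
"""
import re


def _row(name, resource="", remark=""):
    # Same column layout as the listing header: name, resource, remark.
    return f"{name:<13}{resource:<32}{remark}".rstrip()


SAMPLE = "\n".join([
    "",
    _row("Share name", "Resource", "Remark"),
    "",
    "-" * 79,
    _row("C$", "C:\\", "Default share"),
    _row("IPC$", "", "Remote IPC"),
    _row("ADMIN$", "C:\\WINDOWS", "Remote Admin"),
    _row("Reports", "C:\\Shared Docs\\Reports"),
    _row("New$", "C:\\Payroll"),            # hidden share, named as in the text above
    _row("DataDrive", "D:\\", "Whole partition"),
    "The command completed successfully.",
    "",
])


def parse_net_share(text):
    """Return [(name, resource, remark)], sliced at the header's column offsets.

    Column offsets are used instead of splitting on spaces because a resource
    path may contain spaces and the resource column may be empty (IPC$).
    """
    lines = text.splitlines()
    header = next(i for i, l in enumerate(lines) if l.startswith("Share name"))
    res_col = lines[header].index("Resource")
    rem_col = lines[header].index("Remark")
    shares = []
    for line in lines[header + 1:]:
        if not line.strip() or set(line.strip()) == {"-"}:
            continue  # blank line or the dashed separator
        if line.startswith("The command completed"):
            break
        shares.append((line[:res_col].strip(),
                       line[res_col:rem_col].strip(),
                       line[rem_col:].strip()))
    return shares


def is_builtin(name, resource):
    """True for shares Windows creates itself: IPC$, ADMIN$, PRINT$, C$, D$ ..."""
    upper = name.upper()
    if upper in {"IPC$", "ADMIN$", "PRINT$"}:
        return True
    # An administrative drive share is named after the drive it exposes: C$ -> C:\
    return (re.fullmatch(r"[A-Z]\$", upper) is not None
            and resource.upper().rstrip("\\") == upper[0] + ":")


def audit(text):
    """Return [(share, kind, advice)] for shares whose permissions should be checked."""
    findings = []
    for name, resource, _remark in parse_net_share(text):
        if is_builtin(name, resource):
            continue
        if name.endswith("$"):
            findings.append((name, "hidden",
                             f"still opens as \\\\<computer>\\{name}; "
                             "hiding is not a restriction, check Permissions"))
        if re.fullmatch(r"[A-Za-z]:\\?", resource):
            findings.append((name, "whole-drive",
                             f"exposes all of {resource}; share only the folder that is needed"))
    return findings


if __name__ == "__main__":
    for share, kind, advice in audit(SAMPLE):
        print(f"{share:<12}{kind:<13}{advice}")
```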

1.5 Sharing Internet Access


Internet Connection Sharing overview

With Internet Connection Sharing (ICS), you can connect computers on your home or
small office network to the Internet using just one connection. For example, you have one
computer that connects to the Internet by using a dial-up connection. When ICS is
enabled on this computer, called the ICS host, other computers on the network connect
to the Internet through this dial-up connection. In this section you will create an Internet
connection (dial-up connection) on one computer and share the Internet connection with the
other computers on the peer-to-peer network.

Creating an Internet Connection

With Network Connections, connecting to the Internet is easy. For example, to create a
dial-up connection, you can use the following components to gain access to the Internet:

• The TCP/IP protocol that is enabled for your network connection.
• A modem and telephone line to connect to the ISP.
• A user name and password from the ISP.


An Internet service provider (ISP) is a company that provides Internet
access. There are Internet service providers around the world. To connect
to the Internet, you dial a phone number and log on to the remote system.
Once connected, you have access to the Internet and any other services,
such as e-mail, that are provided by the ISP. Fees usually apply for
commercial ISPs.

Steps to make an Internet connection:

1. Open Network Connections from the Control Panel.


2. Under Network Tasks, click Create a new connection, and then click Next.
3. Click Connect to the Internet, and then click Next.
4. Choose one of the following:
o If you already have an account with an Internet service provider (ISP), click
Set up my connection manually and then click Next.
o If you have a CD from an ISP, click Use the CD I got from an ISP and
then click Next.
o If you do not have an Internet account, click Choose from a list of
Internet service providers (ISPs) and then click Next.
5. From your choice above, select Set up my connection manually and click Next.

6. Select Connect using a dial-up modem and click Next.

Note:
o Dial-up connection - This type of connection uses a modem
with a standard phone line, and its speed is usually not more than
56 kilobits per second (Kbps).
o Broadband connection - This is a high-speed connection,
typically 256 kilobytes per second (KBps) or faster.
Broadband includes DSL and cable modem service.
Fiber-optic cable can be used as the transmission medium in a
broadband connection to carry multiple messages at a time.

7. Type the ISP Name, usually the name of your Internet Service Provider, and click
Next.

Note: You can type any name, but the name you type here
will be the name of the connection you are creating.

8. Type the Phone Number to Dial, usually the ISP’s phone number (900), and click
Next.
9. Type the ISP User Name and Password, select the two check boxes, and click
Next.

10. Select the check box to add a shortcut to this connection to your desktop and
click Finish.

After you set up an Internet connection, make sure that File and Printer Sharing
and Client for Microsoft Networks are turned off in the dial-up connection (only
here), and make sure that the Internet Connection Firewall is turned on. A dial-up
connection to the Internet does not use these services, and the firewall provides
some protection against malicious (harmful) users and viruses.

To do this, follow these steps:

1. Click Start, click Control Panel, and then click Network Connections.

2. Right-click the dial-up connection, and then click Properties.

3. Click the Networking tab, and then click Advanced to confirm the following settings:
• The Client for Microsoft Networks check box and the File and Printer
Sharing for Microsoft Networks check box are not selected.
• Click the Settings button, select the On option button on the General tab to turn on
the firewall with exceptions, and set your excepted programs and services on the
Exceptions tab.

4. Click OK.

Sharing an Internet Access in a Peer to Peer network

Steps to enable Internet Connection Sharing:

You must be logged on as an administrator or a member of the Administrators
group in order to complete this procedure. If your computer is connected to a
network, network policy settings might also prevent you from completing this
procedure.

• To set up Internet Connection Sharing, run the Network Setup Wizard.

Or

1. Open Network Connections.


2. Click the network connection on which Internet Connection Sharing (ICS) is
enabled, and then, under Network Tasks, click Change settings of this
connection.
3. On the Advanced tab, under Internet Connection Sharing, do one of the
following:
o Put a check mark on Allow other network users to connect
through this computer’s Internet connection to share internet
connection to the other network users.
o If the Establish a dial-up connection whenever a computer on
my network attempts to access the Internet check box is
selected, when the ICS host detects a client's outbound Internet
traffic, it connects to the Internet using the shared Internet
connection. However, unless the Allow other network users to
control or disable the shared Internet connection check box is
selected, the client is unable to control when the connection connects
or disconnects.
o To give network clients permission to control the shared Internet
connection, select the Allow other network users to control or
disable the shared Internet connection check box.

1.6 Sharing your printer
1. Open Printers and Faxes.
2. Right-click the printer you want to share, and then click Sharing.
3. The options you see on the Sharing tab differ depending on whether
sharing is enabled on your computer. For instructions on what to do next,
click the option that describes what you see on the Sharing tab.

I see text stating that printer sharing must be turned on

o You need to enable printer sharing by running the Network Setup
Wizard. Start it by clicking the link on the Sharing tab, and then
follow the instructions. Once sharing is enabled, begin this procedure
again.

I see options for sharing or not sharing the printer

1. On the Sharing tab, click Share this printer and then type a share
name for the shared printer.
2. If you share the printer with users on different hardware or different
operating systems, click Additional Drivers. Click the environment
and operating system for the other computers, and then click OK to
install the additional drivers.

Drivers for users running other versions of Windows (Windows 95,
Windows 98, or Windows NT 4.0) are located on the Support CD.
Printer drivers for Windows NT 3.1 and Windows NT 3.5 are not
included.

3. Click OK, or, if you have installed additional drivers, click Close.

Notes

• To open Printers and Faxes, click Start, point to Settings, click Control
Panel, and then double-click Printers and Faxes.
• You can also share a printer in Printers and Faxes by clicking the printer you
want to share, and then clicking Share this printer under Tasks on the left
side of the window. This option is available only if folders are set to look like
a Web page and a printer is selected.
• Printers are not shared by default when you install them on Windows XP
Home Edition, but you can choose to share any printer you install on your
computer.
• When you publish a printer in Active Directory, other users logged onto the
Windows domain will be able to search for the printer based on its location
and features such as how many pages it prints per minute and whether color
printing is supported.

To connect to a printer on a network

1. Open Printers and Faxes.


2. Under Printer Tasks, click Add a printer to open the Add Printer Wizard,
and then click Next.
3. Click A network printer, or a printer attached to another computer,
and then click Next.
4. Connect to the desired printer using one of the following three methods.
Click a method for instructions.

Search for it in Active Directory.

This method is available if you are logged on to a Windows domain running
Active Directory.

1. Click Find a printer in the directory, and then click Next.


2. Click the Browse button to the right of Location, click the printer
location, and then click OK.
3. Click Find Now.
4. Click the printer you want to connect to, and then click OK.

Type the printer name or browse for it.

5. Click Connect to this printer.


6. Do one of the following:
• Type the printer name using the following format:

\\printserver_name\share_name

• Browse for it on the network. Click Next, click the printer in
Shared printers.
7. Click Next.

Connect to an Internet or intranet printer.

Using a printer’s URL allows you to connect to a printer across the Internet,
provided you have permission to use that printer. If you cannot connect to
the printer using the general URL format below, please see your printer's
documentation or contact your network administrator.

8. Click Connect to a printer on the Internet or on your intranet.


9. Type the URL to the printer using the following format:

http://printserver_name/Printers/share_name/.printer

5. Follow the instructions on the screen to finish connecting to the network
printer.

Notes

• To open Printers and Faxes, click Start, point to Settings, click Control
Panel, and then double-click Printers and Faxes.
• You can also connect to a printer by dragging the printer from the Printers
folder on the print server and dropping it into your Printers folder, or by
right-clicking the icon and then clicking Connect.
• Another way to add a printer is to double-click Add Printer. This option is
available only if folders are set to the Windows XP classic folder look, and if
a printer is not currently selected.
• After you have connected to a shared printer on the network, you can use it
as if it were attached to your computer.

To stop sharing your printer

1. Open Printers and Faxes.


2. Right-click the printer you want to stop sharing, and then click Sharing.
3. On the Sharing tab, click Not Shared.

Note

• To open Printers and Faxes, click Start, point to Settings, click Control
Panel, and then double-click Printers and Faxes.

Chapter Two
SERVER-BASED NETWORK.
2.1 Conceptualizing Server- Based Network
Server
A computer whose role in a network is to provide services and resources to users. In a large network
environment, servers may have one or more specific roles in a network, depending on the number of
users, volume of traffic, number of peripherals, and so on. Computers that function as servers within a
domain can have one of two roles: Domain Controller or Member Server.
Domain Controller: the authentication server or security server that validates users for logging
on and accessing network resources.
Member server: a computer that is running Windows 2000 or Advanced Server and that provides a
specific function, such as:
• Application servers are used as the back end in a client/server environment. An example of an
application server is Microsoft Exchange Server, which functions as the back end of a
client/server messaging system that includes Microsoft Outlook as the front-end user interface.

• File and print servers provide users with centralized locations for storing files and accessing
print devices. Microsoft Windows 2000 member servers and Windows 2000 servers running
Internet Information Services (IIS) are examples of file servers.

• Web servers can be used to host anything from static Hypertext Markup Language (HTML)
pages to commercial Web applications such as online storefronts. IIS is an ideal platform for
developing Web-based applications using Active Server Pages (ASP) technology.

Server-based network
• A network in which network security and storage are managed centrally by one or more servers.

How It Works
• In a server-based network, special computers called servers handle network tasks such as
authenticating users, storing files, managing printers, and running applications such as database
and e-mail programs. Security is generally centralized in a security provider, which allows users
to have one user account for logging on to any computer in the network. Because files are stored
centrally, they can be easily secured and backed up.
• Server-based networks are more costly and complex to set up and administer than peer-to-peer
networks, and they often require the services of a full-time network administrator. They are ideal
for businesses that are concerned about security and file integrity and have more than 10
computers.
• Microsoft Windows NT and Windows 2000 are ideal operating systems for server-based
networks. They offer centralized network administration, networking that is easy to set up and
configure, NTFS file system security, file and print sharing, user profiles that allow multiple
users to share one computer or allow one user to log on to many computers, Routing and Remote
Access for supporting mobile users, and Internet Information Services (IIS) for establishing an
intranet or Internet presence.

Setting up a server-based network requires more resources than a peer-to-peer network,
such as:

• A special computer to be used only as the network server.
• A Network Operating System.
• A trained administrator or staff to oversee network operations.

2.2 Installing Network Operating System


System requirements:
Before you install Windows 2000 Advanced Server you must consider the system requirements.
To ensure adequate performance, make sure that the computer on which you will install Windows 2000
Advanced Server meets the following requirements.

- 133-MHz Pentium or higher Central Processing Unit (CPU). A maximum of eight CPUs per
computer is supported.
- 256 MB of RAM recommended minimum (128 minimum supported; 8 GB maximum).
- For computers with more than 4 GB of RAM, be sure to check the Hardware Compatibility List
(HCL).
- A hard disk partition with enough free space to accommodate the setup process. The maximum
amount of space required will be approximately 1 GB. More space might be needed, depending on the
following:
• The components being installed: the more components, the more space needed.
• The file system used: FAT requires 100 – 200 MB more free disk space than other file
systems.
• The method used for installation: if installing from across a network, allow 100 – 200 MB
more space than if installing from the CD-ROM (more driver files need to be available during
installation across the network).
In addition, an upgrade could require much more space than a new installation.

HOW TO INSTALL WINDOWS 2000 ADVANCED SERVER


Estimated time: 1 hour.
1. Insert the CD and wait for the autorun window. Select Install Operating System. It is possible to
install the operating system from a network drive, or from a hard disk if the I386 folder is copied to it.
2. When installing from a network drive or a hard disk, use WINNT.EXE if you want to install
the operating system from the command prompt on a computer with no operating system. Use
WINNT32.EXE if you want to install the operating system while running Windows 2000 Professional.
3. Welcome to the Windows 2000 Setup Wizard. You can upgrade your operating system so that it is
replaced (if there is another operating system) or you can install a new copy.
4. License Agreement. (Press F8)
5. Product Key.
6. Select Special Options. You can customize language, installation, and accessibility options for
setup.
7. Upgrading to the Windows 2000 NTFS File System. The NTFS File System gives you increased
file security, more reliability, and more efficient use of disk space. You should not upgrade your
drive if you plan to install or use other operating systems on this computer such as MS-DOS,
Windows 95, or Windows 98. Select No, do not upgrade my drive.
8. The installation files will be copied to the hard disk.
9. BE CAREFUL: It is better to install each operating system on a different partition. If that is not
possible, make sure that you change the installation folder. Select the C: drive and the \WINNTS folder for
Windows 2000 Advanced Server.
10. The system asks you to reboot.
11. Once all the files have been copied, a Setup Wizard starts.
12. You can change Regional Settings such as the system or user locale settings (location, numbers,
currency, time, date, etc.) or the keyboard layout.
13. Personalize your software. Type a full name and the name of your company or organization.
Name: Mary Help Of Christians Organization: Salesians Sisters.
14. Licensing Modes. You can use the licensing mode per number of concurrent connections or per
seat. Select per server and choose 10 concurrent connections.
15. Computer Name and Administrator Password. Computer name: SERVERnn (nn is the
number of your seat). Administrator Password: leave it blank.
16. Windows 2000 components. You can add or remove components of Windows 2000. Select
Internet Information Server. Click Details. Select FTP server.
17. Date and Time Settings. Date and Time. Time Zone. You can also have the clock adjusted
automatically for daylight saving changes.
18. Networking settings. Windows installs networking components. Choose whether to use typical
or custom settings. The Typical settings option creates network connections using the Client for
Microsoft Networks, File and Print Sharing, and the TCP/IP transport protocol with automatic
addressing. The Custom settings option allows you to manually configure networking components.
Choose Typical settings.
19. Workgroup or Computer Domain. You can leave the computer off the network or
make it a member of a workgroup or an existing domain. Select the first option (No, this computer is
not on a network.)
20. Installing Components.
21. Performing Final Tasks. Installs Start menu items, registers components, saves settings and
removes any temporary files used.
22. Now the computer has a dual-boot menu so you can run your computer using Windows 2000
Professional or Windows 2000 Advanced Server.
23. As you start Windows 2000 Advanced Server, the Windows 2000 Configure Your Server
window appears. This window allows you to configure your server.
24. If you want the computer to be a Domain Controller (only one per network) you have to install
Active Directory.

2.3 Configuring Active Directory
Active Directory (AD) Architectural Overview

Active Directory is the directory service for the Microsoft Windows 2000 network operating system.
Active Directory consists of both a database and a service. Active Directory is a database of
information about resources on the network, such as computers, users, shared folders, and printers. It
is also a service that makes this information available to users and applications. Active Directory
provides the basic features needed for an enterprise-level directory service, including an extensible
information source, naming conventions for directory objects, a common set of policies, and tools
for administering the service from a single point of access. Administrators can configure Active
Directory to control access to network resources by users and applications.

How It Works

The basic element of Active Directory is the object. An object can represent a user, computer, printer,
application, file, or another resource on the network. Active Directory objects possess attributes,
which are their properties. For example, some user attributes might include first name, last name, e-mail
address, and phone number. Some attributes must have mandatory values, while others can be left
undefined. Attributes of a printer might include the location of the printer, the asset number of the
printer for accounting purposes, the type of printer, and so on.

A special type of Active Directory object is the organizational unit (OU). An OU is a type of object
that can contain other objects. An OU can either contain a specific object, such as a user or an
application, or it can contain another OU. Using OUs, you can organize Active Directory into a
hierarchical directory of network information.

You can assign users permissions on subtrees of OUs for management and resource access purposes.

Organizational units are contained within domains, which are the basic security and organizational
structure for Active Directory. Every object in Active Directory must belong to a domain. Domains
usually mirror the organizational structure of your enterprise and act as a security boundary in your
enterprise. For example, privileges granted in one domain are not automatically carried over to another
domain. Domains can be joined into larger structures called domain trees using two-way transitive
trusts, and these tree structures can be grouped into domain forests for larger enterprises.

Active Directory has a set of rules governing which objects can be stored in the directory and which
attributes these objects can possess. This set of rules is known as the schema.

Information in Active Directory is maintained for each domain on the network. Active Directory
database information is stored and maintained on machines called domain controllers. This information
is replicated automatically between domain controllers to ensure that every portion of the distributed
directory is up-to-date. By default, the replication of updates to Active Directory occurs automatically
every five minutes. Automatic replication of Active Directory information occurs only within the
security boundary of a specific domain. Domain controllers in one domain do not automatically
replicate with those in another domain.

Active Directory provides network administrators with centralized administration of all information
about resources on the network, and it provides both users and administrators with advanced search
capabilities for locating resources on the network.

Before we configure Active Directory, let's look at the following core components of the Active
Directory service in detail:

- Forests
- Domains
- Domain Controllers
- Organizational units
- Sites

With so many parts to the Active Directory puzzle, it is important to understand their interrelationships.
Let's begin with forests and domains.

Forest

An Active Directory forest defines a collection of one or more domains that share a common schema,
configuration, and global catalog. All domains also share two-way transitive trust relationships.
Before going any further, let's pause for a moment and look at the key terms:

- Schema: The Active Directory schema is common to all domains in a forest. The schema is the
  configuration information that governs the structure and content of the directory.
- Configuration: Configuration defines the logical structure of a forest, such as the number and
  configuration of sites in the forest.
- Global catalog: Think of the global catalog as the yellow pages for a forest. It contains
  information about all objects in the forest and, in particular, where to find them. Global catalogs
  also contain membership information for universal groups.
- Trusts: Trusts provide a way to allow different domains to work together. Without trusts,
  domains operate as completely separate entities, meaning that users in domain A would not have
  access to resources in domain B. If a trust relationship is established between the domains so that
  domain B trusts domain A, then domain A's users can access domain B's resources, provided that
  they have the proper permissions.
  There are three general types of trust:
  o Transitive: Transitive trusts are automatically created trusts between all domains in the
    same forest. They allow users in any domain to potentially have access to resources in
    any other domain in the forest, provided that the users have the appropriate permissions.
  o Shortcut: Shortcut trusts are trust relationships between domains in the same forest that
    already have transitive trust relationships established. Shortcut trusts provide faster
    authentication and validation of resource access between nonadjacent domains in the
    same forest.
  o External: External trusts allow domains in different forests to share resources. These
    trusts are not transitive, meaning that they only apply to the domains for which they were
    explicitly created.

How It Works

Forests provide a way of administering enterprise networks for a company whose subsidiaries each
manage their own network users and resources. Let's look at a sample forest. In Microsoft Windows
2000, a forest is a logical structure formed by combining two or more domain trees. For example, a
company called CarPoint might have a domain tree with the root domain carpoint.com, while a subsidiary
company called Expedia might have a domain tree with the root domain expedia.com. Note that these
two companies do not share a contiguous portion of the DNS namespace; this is typical of trees in a
forest. The two companies might want to administer their own users and resources but make those
resources available to each other's users. They can combine the two domain trees into a forest by
establishing a two-way transitive trust between the root domains of the two trees.
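The trust rules above can be checked mechanically. The following Python model is an added example, not part of the original module or of Windows itself: it treats each trust as a (trusting, trusted, transitive) link and reports whether users of one domain can be authenticated in another. The child domains, the partner.example domain and the one-way direction of the external trust are assumptions made for the illustration; a trust path only makes access possible, and the permissions on the resource still decide.

```python
from collections import deque


def two_way(a, b, transitive=True):
    """A two-way trust is a pair of one-way trusts: (trusting, trusted, transitive)."""
    return [(a, b, transitive), (b, a, transitive)]


# Constructed topology. carpoint.com and expedia.com are the page's forest roots;
# the child domains and partner.example (in another forest) are assumptions.
FOREST_TRUSTS = (
    two_way("carpoint.com", "expedia.com")            # tree roots joined into one forest
    + two_way("carpoint.com", "sales.carpoint.com")   # parent and child domain
    + two_way("expedia.com", "eu.expedia.com")        # parent and child domain
)
# External trust, assumed one-way here: eu.expedia.com trusts partner.example.
EXTERNAL = [("eu.expedia.com", "partner.example", False)]
# Shortcut trust between two nonadjacent domains of the same forest.
SHORTCUT = two_way("eu.expedia.com", "sales.carpoint.com")


def trust_path(trusts, user_domain, resource_domain):
    """Return the chain of domains from the resource's domain to the user's
    domain, or None when no trust lets the user be authenticated there.

    A single trust of any kind is honoured; a chain of several trusts is
    honoured only if every link in it is transitive.
    """
    if user_domain == resource_domain:
        return [resource_domain]
    graph = {}
    for trusting, trusted, transitive in trusts:
        graph.setdefault(trusting, []).append((trusted, transitive))
    # Direct trust, transitive or not.
    if any(trusted == user_domain for trusted, _ in graph.get(resource_domain, [])):
        return [resource_domain, user_domain]
    # Breadth-first search over transitive links only; it finds the shortest chain.
    queue, seen = deque([[resource_domain]]), {resource_domain}
    while queue:
        path = queue.popleft()
        for trusted, transitive in graph.get(path[-1], []):
            if not transitive or trusted in seen:
                continue
            if trusted == user_domain:
                return path + [trusted]
            seen.add(trusted)
            queue.append(path + [trusted])
    return None


def report(trusts, pairs):
    """Summarise which (user domain, resource domain) pairs have a trust path."""
    lines = []
    for user_domain, resource_domain in pairs:
        path = trust_path(trusts, user_domain, resource_domain)
        verdict = " -> ".join(path) if path else "no trust path: authentication refused"
        lines.append(f"{user_domain} users on {resource_domain} resources: {verdict}")
    return lines


if __name__ == "__main__":
    everything = FOREST_TRUSTS + EXTERNAL
    for line in report(everything, [
        ("sales.carpoint.com", "eu.expedia.com"),   # allowed through the forest's transitive trusts
        ("partner.example", "eu.expedia.com"),      # allowed by the explicit external trust
        ("partner.example", "expedia.com"),         # refused: the external trust is not transitive
        ("eu.expedia.com", "partner.example"),      # refused: this trust runs one way only
    ]):
        print(line)
```

Adding `SHORTCUT` to the trust list shortens the first chain from four domains to two, which is the faster authentication path the shortcut trust is meant to provide.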

All trees in a forest must share a common directory schema and global catalog. The global catalog
holds information about all objects in all domains of the forest and acts as an index of all users and
resources for all domains in the forest. By searching the global catalog, a user in one domain can locate
resources anywhere in the forest. The global catalog contains only a subset of the attributes of each
object. This ensures fast searches for users trying to locate network resources.

Domain
A domain is a logical grouping of users, computers, and resources that makes up a security and
administrative boundary. It is not a physical entity and doesn’t identify the actual network topology or
physical location of the network, but it provides a way to secure and organize objects. For example,
Microsoft.com and Amazon.com are domains. Computers in each domain share the common
configuration of that domain and may be subject to policies and restrictions set forth by the domain
administrators. The use of domains allows you to streamline security throughout your enterprise.

Domain Controllers

A domain controller manages information in the Active Directory database and enables users to log on
to the domain, be authenticated for accessing resources in the domain, and search the directory for
information about users and network resources. A Windows 2000 domain controller contains a writable
copy of the domain directory database.

Domain controllers are the servers that host the Active Directory. Every domain controller has its own
writable copy of the Active Directory database. Domain controllers act as the central security
component of a domain. All security and account validation is performed by a domain controller. Every
domain must have at least one domain controller. Run the Active Directory Installation Wizard to
promote any Windows 2000 member server to the role of a domain controller.

Organizational unit (OU)

Organizational units (OUs) are logical containers that are commonly used to define departments or
locations.

How It Works

An organizational unit (OU) can contain other OUs, or it can contain specific objects, such as those
listed here:

- Users
- Groups
- Computers
- File shares
- Printers
- Security policies
- Applications

OUs make possible the hierarchical structure of Active Directory. Objects in the directory are grouped
in tree-like structures for easier administration. OUs are displayed in Windows 2000 administrative
consoles as folders, much like the folders in a file system that store individual files. OUs are logical
groupings of users and resources in a domain; they simplify management of the domain by delegating
administrative tasks to specific people.

OUs are often used to duplicate the organizational structure of the company within Active Directory.
For example, a company might have OUs named Dev, Marketing, and Sales that represent the network
resources of these three departments. OUs can also be assigned according to geographical criteria
(New York, Los Angeles, and Detroit, for example) or by administrative function (Accounts, Shares,
and Printers). When you run the Active Directory Installation Wizard to install Active Directory on a
server running Windows 2000 (thus turning the server into a domain controller), a default
hierarchy of OUs is created. This default hierarchy helps you begin administering Active Directory. It
consists of the following OUs, which you can display by using Active Directory Users and Computers, a
snap-in for Microsoft Management Console (MMC):

- Builtin: Includes built-in security groups such as Administrators and Account Operators
- Computers: Includes other computers in the domain
- Users: Includes domain user objects
- Domain Controllers: Includes the domain controllers in the domain

Graphic O-5. Organizational unit (OU).

The hierarchical structure of OUs in Active Directory also simplifies the task of querying Active
Directory for information about network resources. OUs are useful in facilitating administration of
Active Directory and therefore in the administration of resources on the network itself. Administrators
use OUs to organize users and resources on the network, and to delegate administrative and other
rights and permissions to users and groups. The administrator has full access rights on all objects in
the directory and can assign permissions to various subtrees of OUs for appropriate users and groups.
For any OU, the administrator can delegate either of the following rights to specific users and groups:

- Complete administrative control: Full control over all objects in the OU
- Limited administrative control: The ability to modify only certain aspects of objects contained
  in the OU

Access to objects in Active Directory is based on discretionary access control lists (DACLs), which
offer a security model similar to that used in the NTFS file system. Because objects with similar
security requirements are grouped into an OU, permissions assigned to the OU are inherited by all
objects in the OU. You assign permissions to OUs and other objects by using Active Directory Users
and Computers.

NOTE

If several domains are connected into a domain tree, each domain can have its own specifically designed
hierarchy of OUs. The structures of domains within a domain tree are independent of one another.
However, an OU can contain objects only from its own domain, not from any other domain within a
domain tree.

OUs are not part of the namespace of a company, which in Windows 2000 is based on the Domain
Name System (DNS). In other words, you can identify a Windows 2000 domain by using a DNS name
such as northwind.microsoft.com, but you cannot identify OUs within the domain by using DNS names.
However, you can specify OUs by using Lightweight Directory Access Protocol (LDAP) names.

You cannot create new OUs within the four default OUs previously listed. These default OUs simply get
you started in administering your network.

TIP

To create new OUs in Active Directory, select the desired parent container in Active Directory Users
and Computers, and choose Organizational Unit from the New submenu of the Action menu. You can
also use the console toolbar. The only information you need to specify when you create a new OU is its
name.

When you create an OU, you should consider who will own and manage it and who will be responsible
for the following tasks:

- Adding objects to or deleting objects from the OU
- Modifying the values of attributes of objects in the OU
- Managing permissions on the OU and its objects, and delegating the permissions to others

You can create OUs for groups of users who will be assigned similar permissions to network resources.
You can also create separate OUs for permanent and temporary employees. You can group shared
folders and printers with similar security requirements into OUs.

You should create OUs that are stable and will not change frequently, and you should avoid making the
hierarchy of OUs too complicated. In a multidomain scenario with a domain tree, it is usually a good
idea to make first-level OUs the same for all domains to provide consistency for the company’s network
resources. First-level OUs typically represent the following:

- Different geographical locations, such as countries or continents, or different functional
  locations, such as headquarters and branch offices. This is usually the best way to define
  first-level OUs.
- Different types of network resources, such as users, printers, computers, and so on. This
  simplifies resource administration but might lead to too many first-level OUs.
- Different business units, such as Sales, Support, and Management. Keep it flexible and broad
  enough so that if your company reorganizes, you won't have to re-create everything.
- Projects and cost centers.

Keep the entire structure of OUs fairly shallow—no more than two or three levels—to ensure good
performance when users query Active Directory. A maximum of 10 levels of OUs is recommended.

You can use OUs in place of resource domains, which are used in Windows NT to simplify and
centralize administration of network resources. You can also create domain trees with separate domains
for resources. You should create new domains instead of OUs if you want to implement different
security policies in different locations or branches of your company or in an extremely large enterprise.
Otherwise, it is simpler to create only one domain and organize resources and administrative tasks using
OUs within that domain.

Site in Windows 2000

A site is a collection of computers that are grouped together to optimize the performance of domain
controllers. Sites are typically defined by geographical location and are connected by slower wide area
network (WAN) links. At least one domain controller must be located at each site, thus ensuring that
Active Directory runs at each site. Sites generally belong to one or more Internet Protocol (IP) subnets,
and computers within a site are joined by high-speed networking connections.

How It Works

You define sites to manage and reduce Active Directory logon and directory replication traffic on the
network. For example, when a user tries to log on to a Microsoft Windows 2000–based network,
authentication is automatically attempted first by domain controllers in the site where the user is located.
To optimize logon and replication traffic, sites should be groupings of servers connected by local area
network (LAN) or high-speed permanent WAN links. You can create sites to control which domain
controllers a group of workstations will use for network logons.

Sites contain two types of Active Directory objects: servers and connections. These objects are used to
configure Active Directory replication. You can schedule replication traffic between sites to occur at
off-hours to reduce network congestion. Replication traffic within a site (intrasite replication) uses
remote procedure calls (RPCs) with dynamically assigned port numbers. Replication between sites
(intersite replication) can use either TCP/IP or Simple Mail Transfer Protocol (SMTP) messages.

The topology of each site is stored in Active Directory. A site can contain domain controllers from
several domains, and domain controllers from a particular domain might be located in several different
sites. You can create sites by using Active Directory Sites and Services, a snap-in for Microsoft
Management Console (MMC). A default site is created the first time the Active Directory Installation
Wizard is run to create the first (root) domain controller of your enterprise.

To create additional sites, take the following steps:

1. Create a new site by using Active Directory Sites and Services.
2. Create a subnet (or use an existing one) and associate it with the site to indicate which portion of
   your network is associated with the site.
3. Create a site link (or use an existing one) that represents a connection between your new site and
   existing sites. Configure the transport, sites, cost, and schedule attributes of the site link as
   desired.
4. If desired, create a site link bridge to reduce the number of site links that you need to create for
   your new site.
5. Create a connection object using the Knowledge Consistency Checker (KCC) across each site
   link between domain controllers in your new site and in linked sites.
6. Place domain controllers and global catalog servers in your new site as desired.

NOTE

Sites are not part of the Domain Name System (DNS) namespace for an Active Directory
implementation.

TIP

Try to limit the number of sites you use in your enterprise. Geographically separate locations of your
company that do not need domain controllers should be part of larger sites instead of separate sites.
There is no real advantage to defining multiple sites at a single physical location, and there are
disadvantages to doing so. For example, if all domain controllers in one site become temporarily
unavailable, workstations in that site will try to be authenticated from any other domain controller in the
domain, even if the domain controller is in a remote site. Once a workstation finds a domain controller
that responds to it, it will continue using that domain controller for all subsequent logons. This can cause
unwanted WAN traffic because Windows 2000 does not keep track of which sites are “near” a given site
in regard to network connectivity and speed.

Planning a site topology for your enterprise generally involves balancing good logon traffic with good
replication traffic. Be sure to take into account the available bandwidth of physical network links
between locations when you plan sites.

Steps to Install and Configure Active Directory in Windows 2000 Server

When Windows 2000 Server is installed, it is configured to work as a "Standalone Server".

At the first logon, you will be presented with "Windows 2000 Configure Your Server":

You can continue the configuration at this time, but you can also close this window and
configure other items on the system or install some other software, because this window will be
shown at each new logon until you have made the configuration and selected that this window will
NOT be displayed anymore.

You can display this window at any time by selecting "Configure Your Server" in the menu; it is part
of the "Administrative Tools".

There are multiple possibilities to configure a server for "Active Directory", depending on whether
you have a small network with just one server, a larger network with multiple servers, or even a WAN
with servers in multiple countries.

In the installation example below, I assume that this is the only Windows 2000 server on the
network.

If you have no special needs for the configuration, then you can simply follow the
instructions of this wizard to configure your system:
- select "This is the only server in my network"
- continue with "Next":

This selection would "automatically configure" the server with all required
components:
- the Active Directory
- a DHCP-server
- a DNS-server (which is required for the Active Directory)

Before allowing this wizard to completely reconfigure my system, I requested to "Show more details":

The wizard would define for me the IP address for the server and the subnet
for my complete network, which I did not like: I needed to use a different IP
address. I therefore decided to cancel this step and to follow the advice to go
back to "Home" to select the other option: "One or more servers are already
running in my network":

No more fully automated installation by a wizard:

We now need to manually select the services to be installed from the menu on the left.

Let's select "Active Directory":

You can read more about the details of domain controllers and
on how to define multiple domain controllers in a network. (Since this example
assumes only ONE Windows 2000 server on the network, I will not discuss the
terms "Tree" and "Forest" here.)

Important:
The installation of Active Directory requires that at least ONE partition
on the hard disk is formatted with NTFS. If you do not yet have such a partition, you
can cancel the installation of Active Directory here, prepare a partition in NTFS
and then restart this configuration.

It is up to you to decide which partition to use with NTFS. I personally prefer to
keep the C-drive ("system drive") in FAT format, so in this example I formatted
the F-drive in NTFS.

Continue the installation with "Start the Active Directory Wizard".

Just "Next".

We are installing the first Domain Controller.

Again, we are installing a first domain controller and for this domain, we need to
create a new domain tree.

Example: Below, I will call my domain "JHHOME.COM".

If I now created a second domain called "SUPPORT.JHHOME.COM", it would
be part of the same domain tree as JHHOME.COM.

Like in nature, trees usually grow in a forest , and using this comparison, we need
to define the forest for our domain tree.
In general, each new top-level domain name (like: JHHOME.COM) would be a new
forest.

Since this is our first domain, we need to create a new "forest" for our "Domain
Tree" (which is then the only tree in our forest). (Here is a difference compared to
nature: one tree is just one tree and not a forest, but with computers, it is
just a matter of definition.)

It is now required to define the name of the new domain.

As I was used to with Windows 9x and Windows NT4 networking, I selected the name of the
workgroup to become the new name of my domain.

However, note already the exact message: "Full DNS name for new domain".
As you are used to seeing with Internet Domain names, a network Domain should now have
a second part separated by a dot.

To avoid problems, I am redefining my domain name to be now: "JHHOME.COM",
which looks like an Internet Domain name. (I am not sure, but if you insist on
using no "dot-something", Windows 2000 will itself add ".COM".)

It does NOT matter whether this name is registered and already in use on the
Internet, because you will be using it only on your own network, and as long as
you are not registering this domain name as an Internet Domain name, it will NOT be
known by the Internet users.

While a network with ONLY Windows 2000 systems can work using only DNS, any
network with "legacy" versions of Windows (WfW, Windows95/98/ME,
Windows NT4) requires the use of "NetBIOS", either using the "NetBEUI" protocol
or using "NetBIOS over TCP/IP", for which I need to define a NetBIOS-compatible
Domain name. Here I can now use the name of the workgroup, which I would like to
change to a domain.

You need to define the location for the database and log file
for the Active Directory.

(On my system, I did not have the 200 Mbyte free disk capacity on my C:
system drive, so I was required = forced by the installation wizard to store this
information on a different drive.)

Remember the window with the information on the Active Directory stating the
need for a partition in NTFS?

At this time, the "SYSVOL" folder must be defined on an NTFS Disk-partition.

The SYSVOL folder will later be visible as part of the "Network Neighborhood"
or "My Network Places" and will contain user-specific files; to be able to
control the access to these files, that partition must be NTFS (since it is not
possible to define access rights on a FAT partition).

Active Directory is based on using a DNS-server. Since I did not yet install /
configure a DNS-server, it is now required to install it.

Unless you are an expert on DNS-server setup, please follow the
recommendation of the wizard to let the wizard install the DNS-server now.

Again the question: will you have a network with some "legacy" systems
(= all pre-Windows 2000, like Windows95/98/ME/NT4)?

Let's hope that we will never have to use this password
for a Restore operation...

The summary of all the information collected in the previous steps.

Selecting "Next" now will start the installation of the Active Directory and
of the DNS-server.

You may have to be patient now for a LONG time: Please, just WAIT!

It will need to install DNS.

You may have to insert your Windows 2000 CD-ROM or point the wizard
to the installation files on the disk (if you copied them from CD-ROM to
an I386 folder, as is often done on NT installations).

Click the "Finish" button to finish!

You need to restart!

After logging on, you will again be shown the window for "Configure Your Server":

The information has changed, since you have already made the basic configuration.
You can now select to NOT "Show this screen at startup".

You are now able to define Active Directory Users.

If you need to change your configuration and make the system again a Stand-
alone server, you can un-install Active Directory.

2.4 Installing and Configuring DHCP Server
Introduction
A DHCP server is a server that dynamically allocates IP addresses to client machines using the Dynamic
Host Configuration Protocol (DHCP). DHCP servers perform the server-side operation of the DHCP
protocol. The DHCP server is responsible for answering requests from DHCP clients and leasing IP
addresses to these clients.

DHCP servers should have static IP addresses. A DHCP server gives DHCP clients at least two pieces
of TCP/IP configuration information: the client’s IP address and the subnet mask. Additional TCP/IP
settings can be passed to the client as DHCP options.

NB.
Automatic Private IP Addressing (APIPA): If no DHCP server is available, clients will give
themselves an IP address in the 169.254 subnet (in Workgroup Configuration).

How It Works
DHCP is a client-server protocol that uses DHCP servers and DHCP clients. A DHCP server is a
machine that runs a service that can lease out IP addresses and other TCP/IP information to any client
that requests them. For example, on Microsoft Windows 2000 or Windows 2000 Advanced servers you
can install the Microsoft DHCP Server service to perform this function. The DHCP server typically has
a pool of IP addresses that it is allowed to distribute to clients, and these clients lease an IP address from
the pool for a specific period of time, usually several days. Once the lease is ready to expire, the client
contacts the server to arrange for renewal.

DHCP clients are client machines that run special DHCP client software enabling them to communicate
with DHCP servers. All versions of Windows include DHCP client software, which is installed when
the TCP/IP protocol stack is installed on the machine.

DHCP clients obtain a DHCP lease for an IP address, a subnet mask, and various DHCP options from
DHCP servers in a four-step process:

1. DHCP-DISCOVER: The client broadcasts a request for a DHCP server.
2. DHCP-OFFER: DHCP servers on the network offer an address to the client.
3. DHCP-REQUEST: The client broadcasts a request to lease an address from one of the offering
   DHCP servers.
4. DHCP-ACK: The DHCP server that the client responds to acknowledges the client, assigns it
   any configured DHCP options, and updates its DHCP database. The client then initializes and
   binds its TCP/IP protocol stack and can begin network communication.

Graphic 5.4.1 Dynamic Host Configuration Protocol (DHCP).

DHCP lease renewal consists only of steps 3 and 4, and renewal requests are made when 50 percent of
the DHCP lease time has expired.
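The four-step lease process and the 50 percent renewal point can be followed at the byte level. This Python sketch is an added example, not part of the original module: it encodes and parses each DHCP message in memory (no network traffic) using the standard wire layout, and checks that the transaction id and the chosen server stay consistent across the exchange. The MAC address, transaction id, server address 192.168.1.10 and the 3-day lease are constructed values.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, follows the 236-byte BOOTP header
TYPES = {1: "DHCP-DISCOVER", 2: "DHCP-OFFER", 3: "DHCP-REQUEST", 5: "DHCP-ACK"}
OPT_MASK, OPT_REQ_IP, OPT_LEASE, OPT_TYPE, OPT_SERVER, OPT_END = 1, 50, 51, 53, 54, 255


def ip(text):
    return ipaddress.IPv4Address(text).packed


def build(op, msg_type, xid, mac, yiaddr="0.0.0.0", options=()):
    """Encode a DHCP message: fixed header, magic cookie, then code/length/value options."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0,                                # op (1 request, 2 reply), Ethernet, MAC length, hops
        xid, 0, 0x8000,                             # transaction id, secs, broadcast flag
        bytes(4), ip(yiaddr), bytes(4), bytes(4),   # ciaddr, yiaddr ("your" address), siaddr, giaddr
        mac, bytes(64), bytes(128))                 # chaddr, sname, file
    body = bytes([OPT_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + MAGIC + body + bytes([OPT_END])


def parse(packet):
    """Decode a DHCP message; reject short packets and options that run past the end."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == 0:                          # pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[packet[i]] = value
        i += 2 + length
    if len(opts.get(OPT_TYPE, b"")) != 1:
        raise ValueError("missing message type option")
    return {"type": TYPES.get(opts[OPT_TYPE][0], "unknown"),
            "xid": struct.unpack("!I", packet[4:8])[0],
            "yiaddr": str(ipaddress.IPv4Address(packet[16:20])),
            "options": opts}


def lease_exchange(mac, xid, server_ip, offered_ip, mask, lease_seconds):
    """Run the four steps in memory; every message is encoded and parsed again."""
    lease = struct.pack("!I", lease_seconds)
    server = ip(server_ip)
    # 1. Client broadcasts DISCOVER; it has no address yet.
    discover = parse(build(1, 1, xid, mac))
    # 2. Server answers with an OFFER carrying an address from its scope.
    offer = parse(build(2, 2, discover["xid"], mac, offered_ip,
                        [(OPT_SERVER, server), (OPT_LEASE, lease)]))
    if offer["xid"] != xid:
        raise ValueError("offer does not belong to this transaction")
    # 3. Client broadcasts REQUEST naming the address and the server it chose.
    request = parse(build(1, 3, xid, mac, options=[
        (OPT_REQ_IP, ip(offer["yiaddr"])), (OPT_SERVER, offer["options"][OPT_SERVER])]))
    # 4. The chosen server confirms with ACK and adds its configured options.
    ack = parse(build(2, 5, request["xid"], mac, offer["yiaddr"],
                      [(OPT_SERVER, server), (OPT_LEASE, lease), (OPT_MASK, ip(mask))]))
    if ack["options"][OPT_SERVER] != request["options"][OPT_SERVER]:
        raise ValueError("ACK came from a server the client did not choose")
    return [discover, offer, request, ack]


def renewal_after(ack):
    """Seconds until the client starts renewing: 50 percent of the lease time."""
    return struct.unpack("!I", ack["options"][OPT_LEASE])[0] // 2


if __name__ == "__main__":
    # Constructed values: MAC, transaction id, server address and a 3-day lease are
    # assumptions; 192.168.1.50 is the first address of the page's example scope.
    steps = lease_exchange(bytes.fromhex("001122334455"), 0x3903F326,
                           "192.168.1.10", "192.168.1.50", "255.255.255.0", 3 * 86400)
    for msg in steps:
        print(f'{msg["type"]:<14} xid={msg["xid"]:#010x} yiaddr={msg["yiaddr"]}')
    print("renew after", renewal_after(steps[-1]), "seconds")
```

Only the OFFER and ACK carry an address in `yiaddr`; the client's own messages leave it at 0.0.0.0, which is why steps 1 and 3 have to be broadcasts.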

Create a plan.
Before you configure your DHCP server, it is a good idea to have all your ducks in a row. Prepare and
have all the necessary information up front before sitting down and configuring your server. For
example, you may need to know:
- The scope of IP addresses that your server will manage (e.g., 192.168.1.50 to 192.168.1.200).
- Which machines require static IP addresses (i.e., those machines such as servers and routers
  that will not use DHCP to receive their IP addresses but will be set manually).
- Which network information you want to send out to DHCP clients when they get their IP
  addresses (e.g., the addresses for your default gateway, DNS servers, and WINS servers).

It is much easier to configure your DHCP server with this information at hand rather than scrambling for
it at implementation time. The following are the general steps for installing and configuring DHCP:
- Install the Microsoft DHCP Server service.
- A scope or pool of valid IP addresses must be configured before a DHCP server can lease IP
  addresses to DHCP clients.
- Global scope and client scope options can be configured for a particular DHCP client.
- Authorize the DHCP server.
- The DHCP server can be configured to always assign the same IP address to the same DHCP
  client.

Install the Microsoft DHCP Server service.


The DHCP Server service must be running to communicate with DHCP clients. Installing DHCP on a
Windows 2000 Server or Advanced Server is a fairly simple process. During the installation, you might
get prompted to insert your Windows 2000 Server or Advanced Server CD (or locate the i386 folder on
a local or network drive). Once DHCP Server service is installed and started, several options must be
configured.

Steps to install DHCP Server Service:


1. Open the Control Panel and double-click Add/Remove Programs.
2. Click Add/Remove Windows Components.
3. Highlight Networking Services and click Details.
4. Select Dynamic Host Configuration Protocol (DHCP) as shown in Figure A and click OK.
5. Click Finish when prompted.

Figure A

Configuring your DHCP server


After you install the DHCP Server service, go to Start | Programs | Administrative Tools | DHCP to open
the Windows 2000 console for managing the DHCP service (see Figure B).

Figure B

Creating a DHCP Scope

Before a DHCP server can lease an address to DHCP clients, you must create or define a scope. A
scope is a list of valid IP addresses you want the DHCP server to be able to assign to clients. When a
machine requests TCP/IP information from the DHCP server, the information is provided from the
scope you created. There are two types of scope options: Global and Scope. Global options are
propagated to all the scopes that you create on that DHCP server, while Scope options are only for the
individual scope that you are working with. For example, if you have different scopes for several
different subnets and each subnet will have a different default gateway but will share the same DNS
servers, you would want to set the DNS servers as a Global option while the default gateways would be
set separately in each scope as a Scope option.

When creating a DHCP scope, consider the following points:

- You must create at least one scope for every DHCP server.
- You must exclude static IP addresses from the scope.
- You can create multiple scopes on a DHCP server to centralize administration and to assign IP
addresses specific to a subnet. You can assign only one scope to a specific subnet.
- DHCP servers do not share scope information. As a result, when you create scopes on multiple
DHCP servers, ensure that the same IP addresses do not exist in more than one scope to prevent
duplicate IP addressing.
- Before you create a scope, determine starting and ending IP addresses to be used within it.

Depending on the starting and ending IP addresses for your scope, the DHCP console suggests a
default subnet mask useful for most networks. If you know a different subnet mask is required
for your network, you can modify the value as needed.

NB
Every DHCP server is required to have at least one scope. You can, however, create multiple scopes on
a DHCP server to administer different subnets.
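
The planning points above can be checked before any scope is typed into the DHCP console. The script below is an added example, not part of the original module; the server names (DHCP1, DHCP2), address ranges and static hosts are constructed sample data.

```python
"""Check a DHCP scope plan for unexcluded static hosts and overlapping pools."""
import ipaddress
from dataclasses import dataclass, field
from itertools import combinations


def to_int(addr):
    """Dotted-quad string -> integer, so that ranges can be compared."""
    return int(ipaddress.IPv4Address(addr))


@dataclass
class Scope:
    server: str                                       # DHCP server hosting the scope
    start: str                                        # first address of the range
    end: str                                          # last address of the range
    mask: str                                         # subnet mask given to clients
    exclusions: list = field(default_factory=list)    # (first, last) pairs

    def subnet(self):
        return ipaddress.ip_network(f"{self.start}/{self.mask}", strict=False)

    def pool(self):
        """Set of addresses (as integers) that the server can actually lease."""
        leasable = set(range(to_int(self.start), to_int(self.end) + 1))
        for first, last in self.exclusions:
            leasable -= set(range(to_int(first), to_int(last) + 1))
        return leasable


def check_plan(scopes, static_hosts):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    for s in scopes:
        if to_int(s.start) > to_int(s.end):
            findings.append(f"{s.server}: start {s.start} is after end {s.end}")
            continue
        if ipaddress.IPv4Address(s.end) not in s.subnet():
            findings.append(f"{s.server}: {s.start}-{s.end} does not fit in {s.subnet()}")
        pool = s.pool()
        # Manually configured machines (servers, routers) must never be leasable.
        for name, addr in sorted(static_hosts.items()):
            if to_int(addr) in pool:
                findings.append(f"{s.server}: static host {name} ({addr}) is not excluded")
    for a, b in combinations(scopes, 2):
        if a.server == b.server:
            # Only one scope may be assigned to a given subnet.
            if a.subnet() == b.subnet():
                findings.append(f"{a.server}: more than one scope for subnet {a.subnet()}")
            continue
        # Servers do not share scope information: a shared address can be leased twice.
        shared = a.pool() & b.pool()
        if shared:
            first = ipaddress.IPv4Address(min(shared))
            findings.append(f"{a.server}/{b.server}: {len(shared)} addresses leasable "
                            f"from both, starting at {first}")
    return findings


# Constructed sample data.
STATIC_HOSTS = {"router": "192.168.1.1", "fileserver": "192.168.1.105",
                "printer": "192.168.1.60"}
DRAFT_PLAN = [
    Scope("DHCP1", "192.168.1.50", "192.168.1.200", "255.255.255.0",
          [("192.168.1.100", "192.168.1.110")]),
    Scope("DHCP2", "192.168.1.150", "192.168.1.220", "255.255.255.0"),
]
FIXED_PLAN = [
    Scope("DHCP1", "192.168.1.50", "192.168.1.200", "255.255.255.0",
          [("192.168.1.60", "192.168.1.60"), ("192.168.1.100", "192.168.1.110"),
           ("192.168.1.150", "192.168.1.200")]),
    Scope("DHCP2", "192.168.1.150", "192.168.1.220", "255.255.255.0"),
]

if __name__ == "__main__":
    for label, plan in (("draft", DRAFT_PLAN), ("fixed", FIXED_PLAN)):
        print(label, check_plan(plan, STATIC_HOSTS) or "no findings")
```

In the fixed plan both servers still cover 192.168.1.150 to 192.168.1.200 in their ranges, but DHCP1 excludes that block, so only one server can lease each address.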

To define a scope using the Create Scope Wizard:


1. Click Start, point to Programs, point to Administrative Tools, then click DHCP.
2. In the console tree, click the applicable DHCP server.
3. From the Action menu, select New Scope to launch the Create Scope Wizard, and then click
Next.
4. Type a name and description of your scope (Figure C) and click Next.

Figure C

5. Enter the start and end IP addresses of your scope. Remember to also assign the appropriate
subnet mask (Figure D). Click Next.

Figure D

6. This window is where you specify all of your static IP addresses to exclude from your scope
(Figure E). Add any exclusions and click Next.

Figure E

7. Enter the amount of time the lease is active (Figure F) and click Next.

Figure F

Advanced Configuration (Optional)


8. The next screen asks you whether you want to configure your DHCP options now or later. For
this article, we will select Yes, I Want To Configure These Options Now and click Next.
9. Enter your domain name and add the IP addresses for your DNS servers as shown in Figure G.

Figure G

10. Enter the addresses of any WINS servers you configured on your network for resolving NetBIOS
names into IP addresses, as shown in Figure H.
Figure H

11. Choose Yes or No to indicate whether to activate your scope. There is still more work to be
done, so we will choose No, as shown in Figure I.

Figure I

12. Click Finish.

Superscopes
Some networks implement superscopes, which are collections of scopes that are grouped to allow
multiple logical subnets on one physical network. For more information on creating superscopes, see
Microsoft’s article Q161571: “Using DHCP ‘Superscopes’ to Serve Multiple Logical Subnets.”

Adding reservations
In addition to specifying exclusions, you can add reservations to your DHCP server. By adding a
reservation, you ensure that a machine always receives the same IP address from the DHCP server.

To add a reservation:
1. From the DHCP console, click the + sign next to the scope you created.
2. Click Reservations and select Action | New Reservation, as shown in Figure J.
Figure J

3. Enter a friendly name for the reservation and the IP address you want to assign to the computer
or device.
4. Enter the MAC address of the computer or device. (For Windows NT/2000 machines, you can
find the MAC address by running ipconfig /all from the command prompt of the machine.)
5. Enter a description and then choose the following reservation type: DHCP, BOOTP (going
across a router), or both, as shown in Figure K. Click Add.

Figure K

Authorizing the DHCP server and activating scopes


Remember that after you install and configure your DHCP server, you will need to authorize your
scope before it can be activated. Authorizing your DHCP server allows you to prevent hackers from
configuring rogue DHCP servers.
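
Authorization is enforced by Windows 2000 DHCP servers themselves, so watching the DHCP replies on the wire is a useful complement. The following added example (not part of the original module) parses DHCP replies and reports any OFFER or ACK whose server is not on the authorized list; the addresses and the capture are constructed sample data.

```python
"""Report DHCP OFFER/ACK replies that do not come from an authorized DHCP server."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # 236-byte fixed header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def ip_text(raw):
    return str(ipaddress.IPv4Address(raw))


def parse_dhcp(payload):
    """Parse a DHCP message (UDP payload). Raises ValueError if it is malformed."""
    if len(payload) < BOOTP_FIXED.size + len(MAGIC_COOKIE):
        raise ValueError("too short for a DHCP message")
    (op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr,
     _siaddr, _giaddr, chaddr, _sname, _file) = BOOTP_FIXED.unpack_from(payload)
    if payload[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:        # 255 = end option
        if payload[i] == 0:                              # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option data")
        options[code] = value
        i += 2 + length
    mtype = options.get(53, b"")                         # option 53 = message type
    return {
        "op": op,
        "xid": xid,
        "client_mac": chaddr[:min(hlen, 16)].hex(":"),
        "offered_ip": ip_text(yiaddr),
        "type": MSG_TYPES.get(mtype[0]) if len(mtype) == 1 else None,
        # option 54 = server identifier, 3 = router, 6 = DNS servers
        "server_id": ip_text(options[54]) if len(options.get(54, b"")) == 4 else None,
        "router": ip_text(options[3][:4]) if len(options.get(3, b"")) >= 4 else None,
        "dns": [ip_text(options[6][j:j + 4])
                for j in range(0, len(options.get(6, b"")) - 3, 4)],
    }


def find_rogue_replies(packets, authorized_servers):
    """packets: iterable of (source_ip, udp_payload) pairs from a capture.
    Returns one alert per OFFER/ACK that did not come from an authorized server.
    If replies reach clients through a relay agent, list the relay as authorized too."""
    alerts = []
    for src_ip, payload in packets:
        try:
            msg = parse_dhcp(payload)
        except ValueError:
            continue                                     # not DHCP, or damaged capture
        if msg["op"] != 2 or msg["type"] not in ("OFFER", "ACK"):
            continue                                     # only server replies matter
        server = msg["server_id"] or src_ip
        if {server, src_ip} <= set(authorized_servers):
            continue
        alerts.append({"server": server, "source": src_ip, "type": msg["type"],
                       "client_mac": msg["client_mac"], "offered_ip": msg["offered_ip"],
                       "router": msg["router"], "dns": msg["dns"]})
    return alerts


def build_reply(msg_type, xid, mac, yiaddr, server, router, dns):
    """Build a constructed DHCP reply for the sample capture (not real traffic)."""
    packed = lambda a: ipaddress.IPv4Address(a).packed
    fixed = BOOTP_FIXED.pack(2, 1, 6, 0, xid, 0, 0, bytes(4), packed(yiaddr), bytes(4),
                             bytes(4), bytes.fromhex(mac.replace(":", "")), b"", b"")
    opts = (bytes([53, 1, msg_type]) + bytes([54, 4]) + packed(server) + bytes([3, 4])
            + packed(router) + bytes([6, 4]) + packed(dns) + b"\xff")
    return fixed + MAGIC_COOKIE + opts


AUTHORIZED = {"192.168.1.10"}
SAMPLE_CAPTURE = [   # constructed: a legitimate offer, an unknown server, a damaged packet
    ("192.168.1.10", build_reply(2, 0x1A2B3C4D, "00:11:22:33:44:55", "192.168.1.51",
                                 "192.168.1.10", "192.168.1.1", "192.168.1.10")),
    ("192.168.1.77", build_reply(2, 0x1A2B3C4D, "00:11:22:33:44:55", "192.168.1.230",
                                 "192.168.1.77", "192.168.1.77", "192.168.1.77")),
    ("192.168.1.10", b"\x02\x01\x06"),
]

if __name__ == "__main__":
    for alert in find_rogue_replies(SAMPLE_CAPTURE, AUTHORIZED):
        print("unauthorized DHCP reply:", alert)
```

The router and DNS values in an alert show which gateway and name server the unknown host tried to hand out, which is what to check on any client that accepted the lease.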

To authorize your DHCP server:


1. From the DHCP console, click on the DHCP icon.
2. From the Action menu, select Manage Authorized Servers, as shown in Figure L.

Figure L

3. Click Authorize and enter the name or IP address for your server (Figure M).

Figure M

4. Now you’re ready to activate your DHCP server and bring it online. Click the scope you created
and choose Activate from the Action menu (Figure N).

Figure N

Troubleshooting DHCP
After configuring DHCP, the easiest way to troubleshoot is to use Ipconfig from a command prompt in
Windows NT/2000. To view all TCP/IP information on a machine, just type ipconfig /all from a
command prompt. To release a DHCP lease, type ipconfig /release; to renew a lease, type
ipconfig /renew.

On Windows 98 machines, you must use the Winipcfg utility to access TCP/IP information. You can
access this utility by choosing Start | Run and typing winipcfg. From there, you can click the Release
and Renew buttons to access other options.

Chapter -Three
NETWORK ADMINISTRATION
3.1 Conceptualizing network administration
A network administrator is a person who is responsible for planning, configuring, and managing
the day-to-day operation of the network. A network administrator is also called a system
administrator. All network administrators are concerned with the same tasks regardless of
which operating system they use.
For example, a network administrator must perform the following tasks:
- Create, rename, and delete a domain user account.
- Reset password for a domain user account
- Create and manage Groups

3.2 Creating Domain User Accounts


Domain User Accounts enable users to log on to domains or computers and access any resources
in the domain for which they have appropriate permissions. This is in contrast to local user
accounts, which are used only for logging on to a specific machine (such as a local Computer) and
accessing resources on that machine.
Domain user accounts are created in Active Directory and stored in organizational units (OUs).
Domain user account information is replicated to all domain controllers in a domain using
directory replication. This replication enables the user to quickly and easily log on from any part
of the domain.

You create domain user accounts using the administrative tool called Active Directory Users and
Computers, a snap-in for the Microsoft Management Console (MMC). You can create domain user
accounts in the default Users OU or in any other OU that you have created in Active Directory.

Steps to Create Domain User Accounts

1. Log on as Administrator.
2. Click Start, point to Programs, point to Administrative Tools, then click Active Directory Users
and Computers. Windows 2000 displays the Active Directory Users and Computers console.
3. Expand Microsoft.com (if you did not use Microsoft as your domain name, expand your
domain) and double-click Users. In the details pane, notice the default user accounts. Which user
accounts does the Active Directory Installation Wizard create by default?
4. Right-click Users, point to New, then click User. Windows 2000 displays the New Object -
User dialog box.
5. Type the first name, last name and user logon name in the respective boxes.
6. Click Next to continue.
7. In the Password box and the Confirm password box, type the password, or leave these
boxes blank if you are not assigning a password. If you enter a password, notice that the
password is displayed as asterisks.
8. Check the options that apply:
- User must change password at next logon
Select this if you want the user to change the password at next logon.
- User cannot change password
Select this to prevent password changes by anyone, including Administrator.
- Password never expires
Allows the password to remain valid beyond its expiration date.
(N.B. account will expire within one month.)
- Account is disabled
Select this to prevent the user from logging on and gaining access to the network (to disable an
account).

3.3 Modifying Domain User Account properties


Steps to rename a Domain User Account
Sometimes we rename a domain user account if there is a naming convention change.
- Right-click the domain user account and click Properties.
- Click the General tab to change the first name and last name.
- Click the Account tab to change the user logon name.
- Click Apply and OK.
Steps to delete a Domain User Account
Sometimes a user leaves the company, never to return, so you can delete this
user account from your directory.
- Select the account that you want to delete and press the Delete key, or
- Right-click the account and click Delete.
To reset the password for a domain user account
Members of the domain Administrator Group can reset passwords for anyone, including the
administrator account and other domain administrators.
- Select the domain user account.
- Right-click it and click Reset Password…
- Type the new password and confirm it. If you want the user to change the password at
next logon, select User must change password, and click OK.

Configuring Logon hours and Account Expiration


Logon Hours: the hours that this account can log on to the domain. By default, domain logon
is allowed 24 hours a day, 7 days a week. Note that this control does not affect the user's
ability to log on locally to a computer.
Log On To: specifies from which computers this person may log on to the network.
Account Expiration: allows the account to expire on a specified date.

To Specify logon hours


1. In the console tree of the Active Directory Users and Computers console, expand Users.
2. In the details pane, right-click the domain user account for which you want to specify logon
hours, then click Properties.
3. Click the Account tab, and then click the Logon Hours button.
Windows 2000 displays the Logon Hours dialog box.
4. To restrict the user’s logon hours, click the start time of the first period during which you
want to prevent the user from logging on and then drag the pointer to the end time for the
period.
A frame outlines the blocks for all of the selected hours.
5. Click Logon Denied.
The outlined area is now a white block, indicating that the user will not be permitted to
log on during those hours.
6. Click OK to close the Logon Hours dialog box.
7. Click OK to apply your settings and close the user properties.

To specify from which computers the domain user account can log on to the network
1. In the console tree of the Active Directory Users and Computers console, expand Users.
2. In the details pane, right-click the domain user account for which you want to specify the
computers, then click Properties.
3. Click the Account tab, and then click the Log On To button.
4. Click The following Computers option and then type or add the computer name that you
want to specify for the user.
5. Click OK to close the Log On To dialog box.
6. Click OK to apply your settings and close the user properties.
To set account expiration for a user account
1. In the console tree of the Active Directory Users and Computers console, expand Users.
2. In the details pane, right-click the domain user account for which you want to set the expiration
time, then click Properties.
3. Click the Account tab.
4. Click the End of option in the Account Expires area and then set the date.
5. Click OK to apply your changes and return to the Active Directory Users and Computers
console.
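
The Account tab settings described in sections 3.2 and 3.3 are stored as attributes of the user object, so they can be reviewed for many accounts at once from an export. The script below is an added example, not part of the original module: it decodes the Active Directory attributes userAccountControl, pwdLastSet, accountExpires, logonHours and userWorkstations; the account records, computer names and the review date are constructed sample data.

```python
"""Decode the Account tab settings of exported user records and list weak ones."""
from datetime import datetime, timedelta, timezone

UF_ACCOUNTDISABLE = 0x0002          # "Account is disabled"
UF_NORMAL_ACCOUNT = 0x0200          # ordinary user account
UF_DONT_EXPIRE_PASSWD = 0x10000     # "Password never expires"
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)   # accountExpires values meaning "Never"
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def to_filetime(dt):
    """datetime -> 100-nanosecond intervals since 1601-01-01 UTC (for the sample data)."""
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10


def from_filetime(value):
    return EPOCH_1601 + timedelta(microseconds=value // 10)


def hours_bitmap(allowed):
    """Build a 21-byte logonHours value from (day, hour) pairs; day 0 = Sunday, UTC."""
    raw = bytearray(21)
    for day, hour in allowed:
        bit = day * 24 + hour                 # one bit per hour of the week
        raw[bit // 8] |= 1 << (bit % 8)       # low-order bit of each byte comes first
    return bytes(raw)


def allowed_hours(logon_hours):
    """Hours per week in which logon is permitted (168 means unrestricted)."""
    if not logon_hours:
        return 168                            # attribute not set: 24 hours, 7 days
    return sum(bin(b).count("1") for b in logon_hours)


def describe(rec, now):
    """Translate one exported record into the settings shown on the Account tab."""
    uac, exp = rec["userAccountControl"], rec["accountExpires"]
    expires = None if exp in NEVER_EXPIRES else from_filetime(exp)
    return {
        "disabled": bool(uac & UF_ACCOUNTDISABLE),
        "password_never_expires": bool(uac & UF_DONT_EXPIRE_PASSWD),
        "must_change_password": rec["pwdLastSet"] == 0,
        "expires": expires.date().isoformat() if expires else None,
        "expired": expires is not None and expires <= now,
        "allowed_hours": allowed_hours(rec.get("logonHours")),
        "workstations": [w for w in rec.get("userWorkstations", "").split(",") if w],
    }


def review(accounts, now):
    """Return (account, reason) pairs for enabled accounts that need a second look."""
    findings = []
    for rec in accounts:
        d = describe(rec, now)
        if d["disabled"]:
            continue
        if d["password_never_expires"]:
            findings.append((rec["sAMAccountName"], "password never expires"))
        if d["expired"]:
            findings.append((rec["sAMAccountName"],
                             f"expired {d['expires']} but still enabled"))
    return findings


# Constructed sample data.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)
WEEKDAYS_6_TO_18 = {(day, hour) for day in range(1, 6) for hour in range(6, 18)}
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "svc_backup",
     "userAccountControl": UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD,
     "pwdLastSet": to_filetime(datetime(2021, 5, 4, tzinfo=timezone.utc)),
     "accountExpires": 0},
    {"sAMAccountName": "trainee01", "userAccountControl": UF_NORMAL_ACCOUNT,
     "pwdLastSet": 0,
     "accountExpires": to_filetime(datetime(2024, 1, 31, tzinfo=timezone.utc)),
     "logonHours": hours_bitmap(WEEKDAYS_6_TO_18),
     "userWorkstations": "LAB-PC01,LAB-PC02"},
    {"sAMAccountName": "oldstaff",
     "userAccountControl": UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE | UF_DONT_EXPIRE_PASSWD,
     "pwdLastSet": 1, "accountExpires": 0x7FFFFFFFFFFFFFFF},
]

if __name__ == "__main__":
    for rec in SAMPLE_ACCOUNTS:
        print(rec["sAMAccountName"], describe(rec, NOW))
    print(review(SAMPLE_ACCOUNTS, NOW))
```

Because logonHours is stored in UTC, the hours shown in the Logon Hours dialog box are shifted by the local time zone of the computer displaying them.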

3.4 Group Management
Group

A collection of user accounts. Groups simplify the task of network administration by allowing
administrators to group similar user accounts together in order to grant them the same rights and
permissions.
The scope of a group is the portion of the network where the group can be granted rights and
permissions. For example, a group whose scope is global can be granted permissions to resources
in its own domain and to resources in trusting domains. On the other hand, a group whose scope
is local can be granted permissions to resources only on the machine where it was created.

On Microsoft Windows 2000 -based networks, groups are created using Active Directory Users
and Computers. Groups are stored as group objects within Active Directory.
There are two types of groups in Windows 2000–based networks:

- Security groups: are used to collect users, computers and other groups into manageable
units. When assigning permissions for resources (file shares, printers, and so on),
administrators should assign those permissions to a security group rather than to
individual users. The permissions are assigned once to the group, instead of several times
to each individual user. Each account added to a group receives the rights and permissions
defined for that group.
Can contain members and can be granted permissions in order to control user access to
network resources. Security groups have three different levels of scope. Also, security
groups in Windows 2000 can contain users, other groups, and even computers.
- Distribution groups:
Used for nonsecurity functions such as grouping users together to send e-mail. Unlike
security groups, these groups cannot be used to control user access to network resources.

These two types of groups are stored in Active Directory. There are three levels of scope for
security groups in Windows 2000–based networks:

- Universal groups:
Can contain members from any domain and can be granted permissions to resources in any
domain in the current domain forest. Universal groups can contain user accounts, global
groups, and universal groups from any domain in the current forest. Note that you can
create universal groups only when the domain is in native mode, and not in mixed mode.
- Global groups:
Can contain members only from their own domain, but can be granted permissions to
resources in any trusting domain. When the domain is in native mode, global groups can
contain user accounts and global groups from the same domain. When the domain is in
mixed mode, these groups can contain only user accounts. These groups are used to
automatically organize users into common groups for administrative purposes, and they
exist only on Windows 2000/NT domain controllers.
Three built-in global groups exist:

  - Domain Admins: Initially, this group contains only the Administrator account
    that was created during setup. Only people with administrative responsibilities
    should be assigned to this group.
  - Domain Guests: This group contains the Guest account and is designed for
    organizing temporary users of network resources and granting them access.
  - Domain Users: When a new user account is created, it is automatically added to
    this group. The function of this group is to collect all ordinary users for the
    purpose of assigning them permissions to resources on the network.

- Domain local groups:
Can contain members from any domain, but can be granted permissions only to resources
in their own domain. However, unlike the local groups of Windows NT, a domain local
group can be granted permissions to resources on all servers (both the domain controllers
and member servers) in its domain. When the domain is in mixed mode, domain local
groups can contain user accounts and global groups from any domain in the forest. When
the domain is in native mode, they can also contain domain local groups from their own
domain and universal groups from any domain in the forest.

You can create a new group:

- If you have different departments and you need to put every account in that group.
- Instead of assigning permissions to individual users, you create a group, make the
accounts (users) members of that group, and assign permissions only to the group.
- To simplify network maintenance and administration.

There are two kinds of groups:

- Security groups
- Distribution groups

Security groups are used to collect users, computers and other groups into manageable units.
When assigning permissions for resources (file shares, printers, and so on), administrators should
assign those permissions to a security group rather than to individual users. The permissions are
assigned once to the group, instead of several times to each individual user. Each account added to
a group receives the rights and permissions defined for that group. Distribution groups can only
be used as e-mail distribution lists and they have no security function.

Scope of group

- Local
- Global
Local groups are created on individual servers, and rights can be assigned only to local resources.
Global groups are created on individual servers, and rights can be assigned to any resources in the
network.

Steps to create a global group in a domain

1. Log on as Administrator.
2. Click Start, point to Programs, point to Administrative Tools, then click Active Directory Users and
Computers. Windows 2000 displays the Active Directory Users and Computers console.
3. Expand Microsoft.com (if you did not use Microsoft as your domain name, expand your
domain) and double-click Users. In the details pane, notice the default user accounts. Which user
accounts does the Active Directory Installation Wizard create by default?
4. Right-click Users or an organizational unit, point to New, then click Group. Windows 2000
displays the new object user dialog box.
5. Type the group name and select Global from Group Scope.
6. Click Next to continue.
7. Click the Finish button to finish the wizard.

Chapter -Four
NETWORK TROUBLESHOOTING

4.1 Conceptualizing Network Troubleshooting


Troubleshooting a network is, by definition, more complex than troubleshooting a single
computer, because the problem can be caused by one of several computers or other devices, or by
any of the connections that join them together. One of the primary functions of the network
administrator is to be there when something goes wrong. Troubleshooting skills are a
combination of common sense and knowledge about the hardware and software that make up
the network.

Optimism versus Pessimism


There are two fundamental methods for approaching any network problem: the optimistic way
and the pessimistic way. Some try to define what's right, while others try to look for what's
wrong. Perhaps this is why so many find troubleshooting to be so difficult. If there were a way to
go straight to the problem—consistently—then everyone would do it.
Unfortunately, the pessimists (those who look for what's wrong) can quickly find the problem
—sometimes. Those few victories make the pessimists believe that their troubleshooting method
is tried and true. Is there a method to the pessimistic approach? The most common thread in
pessimistic troubleshooting is pure experience. With experience, anyone can be a master of
troubleshooting certain technologies, but try telling your manager, or client (for the brave souls
that work at a help desk), to wait ten years for you to solve the problem while you gain
experience. While that might be fun to say, most of us don't think that the wait-and-learn strategy
will keep you employed for very long. Pessimism generally works very well for hardware
troubleshooting.
For example, on a few occasions some technicians have been able to say, "That smells like a bad
power supply," and have been right on the money. Unfortunately, software troubleshooting is not
as easy as smelling the air, not that hardware is always that easy either, so you cannot always
assume that the approach that works for finding bad power supplies will fix your IIS server.

While some pessimists have made a living troubleshooting hardware, so have some optimists. No
matter what you troubleshoot, the optimistic approach is always predictably the same—
methodical but successful. Stepping through a process of finding what's right may seem tedious at
first, but with practice it becomes very elementary. To illustrate the optimistic approach, consider
a common example of lost network connectivity. Suppose that Max, a user on your network,
cannot connect to the company intranet server to view his employee handbook. Here's the
optimist's way of resolving the problem.

1. Can I ping the intranet server by its host name from my system? Yes? Great—I have name
resolution, so DNS works; and since I can ping, that means that network connectivity from my
system to the server is good.

2. Since I already found that inbound network connectivity to the intranet server was good in step 1, I
look for a network problem associated with Max's computer. A quick look at his network interface
card (NIC) shows that it's unplugged from his workstation. Problem solved!

4.2 Network Troubleshooting Process


This chapter examines some of the basic aspects of the troubleshooting process and how to
proceed from the investigation of a problem to its resolution.

The process of troubleshooting a computer network can be divided into the following steps:-
1. Defining the problem (Identify the exact issue)
2. Documenting the History of the Problem
3. Analyzing the Current Environment
4. Correcting the problem
5. Testing the corrective action
6. Following up
7. Document the problem and the solution

Step 1: Defining the problem


Problem reporting usually begins at the user level. The trouble call could begin with "The printer
doesn't work," or "E-mail is down," and usually ends with "I didn't change anything on my
computer." On many occasions, the end user may be the least helpful in aiding you to arrive at the
cause of the problem. If the problem is server or network related, then most likely the user will
not be able to offer too many clues, except that many users likely will report the same problem.
In this stage of the troubleshooting process, you are only looking to identify the "what" of the
problem (exactly what is going wrong) and it needs to be documented. For example, "Max cannot
connect to the company intranet server by using its host name." could be a problem. Once you
have the problem documented, the next step is to look at the computer's, network's, and
application's history.

Step 2: Documenting the History of the Problem

Many problems are fixed by simply undoing something that was done earlier. Perhaps the
installation of a new driver is causing the network card to no longer function. In this case, you
could simply roll back to the previous driver or reinstall the correct driver. While this example
may seem elementary, problems such as this one have the potential to turn into multihour
adventures simply because the technician failed to ask the user a few questions.

Once a problem is reported, ask the user what, if anything, was recently done to the computer.
Good questions to ask include these.

1. Have you recently installed anything (hardware or software) on the computer?


2. Did you receive any error messages? If so, what did they say?

3. Does a single user or all users on the system experience the problem?

4. When was the last time the system was backed up?

5. When did you first notice the problem or error?

6. Is the problem related to certain software you run or something you do?

7. What does the problem or error look like?

As you continue to ask questions, you can begin to focus on the following list:
1. Are you or all users affected by the problem? (If only one user has a problem, the
user’s workstation is probably the cause.)
2. Did the problem exist before the operating system upgrade? (Any change in operating
system software can cause new problems.)
3. Are there new users on the network? (Increased traffic can cause logon and
processing delays.)
4. Does the problem appear with all applications or only one? (If only one application
causes problems, focus on that application.)

For company-wide problems, your best course of action is to check with the IS department
manager. If your Exchange server, for example, had to be taken down for a reboot when an
application was installed and you were unaware of the issue, you may wind up wasting time
troubleshooting a user's Outlook client configuration, when all that was needed was to tell the
user to wait a few minutes. This will save you the embarrassment of saying, after looking at the
user's Outlook setup, "I don't know what I did, but I must have fixed it!"

Aside from arriving at system history from interviewing the users, don't forget that many
operating system occurrences are automatically recorded in the event log, which is a great place
to find information on a computer's history.

To access the Event Viewer, click Start > Administrative Tools > Event Viewer.
Two event logs that consistently provide system history information are the system
log and the application log.

Step 3: Analyzing the Current Environment

With history documented, you should next turn your attention to analyzing the current network
and local system environment. The type of problem, whether it is local or network related,
determines your course of action in this phase. When you examine the environment, attention
should primarily be focused on the following areas:

- Operating system state
- Latest virus scan
- Network configuration
- Installed applications
- Good Computer, Bad Computer
- Check the simple stuff

If time and resources permit, another aspect of analysis is to compare the problem system with a
known good system. Each of these facets of the environment analysis is described in the next six
sections.

Operating System State

Several problems occur that are simply bugs in the operating system and can often be solved by
upgrading the operating system to the latest service pack or by installing a hotfix. Service packs
are tested improvements to the OS that normally fix up to hundreds of small problems and
sometimes add additional features to the operating system. On the other hand, hotfixes are used
to fix a single problem that requires immediate attention. Since hotfixes are not as thoroughly
tested as service packs, you should only install a hotfix when it is needed.

You can determine if an operating system is at its current required service pack/hotfix state by
running Windows Update, provided that the system has Internet connectivity. Beginning with the
XP/W2K3 Windows platforms, you can configure the Windows Update service to automatically
download critical updates, thus automatically keeping your systems current. This is especially
useful with your IIS servers, when security vulnerabilities are found on nearly a monthly basis.

Latest Virus Scan

Many unusual workstation or server problems can be attributed to a virus. Even if your network is
not connected to the Internet, you may want to install antivirus software, since many viruses enter
enterprise-scale corporate networks by being brought in on a user's floppy disk. On the other
hand, if your network is connected to the Internet, antivirus software can give you a false sense of
security. To prevent this, many organizations today are blocking outbound access to most Hotmail
sites, thus not even giving the users the opportunity to bring viruses into the network via their
personal mail. No one can place a firm argument that accessing personal mail from the desks at
work is a business necessity, so if you do plan to block outbound access to these sites, you
shouldn't get much of an argument. Oftentimes, problems that appear to be an operating system
or application failure are the result of an undetected virus. Failure to first rule out the possibility
of a virus (by running a virus scan using up-to-date antivirus software) may cause you to waste
hours of unnecessary troubleshooting time. Some technicians have gone so far as to waste hours
reinstalling an entire operating system, only to have the problem return, which would be the case
if a boot sector virus was never properly removed. Antivirus software can go a long way toward
eliminating what's right when you are faced with diagnosing operating system and application
faults.

Now let's suppose that you have the latest and greatest antivirus software installed on all your
workstations and servers. To be protected against viruses, you should be able to answer "Yes" to
each of these questions.

- Are periodic virus scans scheduled so that they run automatically on each system?
- Is each system configured so that it will automatically download the latest virus
signatures?

If you answered "No" to one of these questions, then your network is not as safe as it should be. In
many situations, a company's data is its value, so not having a budget to purchase and implement
an enterprise-class antivirus solution is simply an excuse for the misinformed. Unfortunately,
some organizations don't learn the value of antivirus software until a virus stops business production
for one or several days.

Network Configuration

The next environment and local computer settings to examine should be the network
configuration. The fastest means to find the network configuration settings on a computer is to
run the ipconfig /all command from the command prompt. The command's output is shown in
Figure 7-1.

Figure 7-1: ipconfig /all output

Information on each network interface is displayed in the command output, including all the
important TCP/IP configuration information.

Installed Applications

Next, note the applications installed on the system. Does the problem occur when an application
executes? Was a new application recently installed, and has its installation resulted in the
reported problem? Does the problem only occur when a particular application is printing? If you
can get a "Yes" answer to any of these questions, then you are in luck since these types of
application-related problems can be reproduced, and thus you can duplicate the fault yourself.

If the application has services that run on startup, a quick check is to note the application's related
services and their dependencies. There may be a hung service that is at the root of the problem.
Most likely, as mentioned earlier in the Documenting the History of the Problem section, you will
find evidence of this type of problem in the application log in the Event Viewer.

Remember, each of these checks is nothing more than clues to help you solve the mystery of the
reported fault. In noting the installed applications and their relevance to the fault, you are
collecting evidence that may aid in the eventual problem resolution. For software-related
problems that integrate with hardware, another fault possibility to closely scrutinize is firmware,
which is covered next.

Good Computer, Bad Computer

If resources and time permit, another proven method for isolating faults on a system is to compare
it with a known good reference. If you have two identical workstations, for example, you could
compare the settings of each. If one system is not able to access the network, moving it to another
desk with a known good connection allows you to eliminate or confirm that the network is the
problem.

For software-related faults, you could compare network settings, such as DNS or WINS server
addresses, or subnet masks. For troubleshooting a network with which you are not familiar,
comparing the settings of two computers is often an easy way for you to quickly learn the
software configuration on the network. Otherwise, if it is a network that you have been managing
for some time, you probably already know the correct configuration information, and this would
be an unnecessary step.
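
The comparison described above can be scripted. The following is an added example, not part of the original module: it parses the text of `ipconfig /all` saved from a known good and a faulty workstation and lists the settings that differ. The host names, addresses and sample output are constructed, and the key names assume the English Windows XP / 2000 output layout.

```python
import re

# Settings that should match on identically configured workstations (IP and host name differ).
SHARED_KEYS = ("Dhcp Enabled", "Subnet Mask", "Default Gateway", "DNS Servers", "Primary WINS Server")
KEY_LINE = re.compile(r"^\s+([^:]+?)[\s.]*:\s?(.*)$")  # "Key . . . : value"

def parse_ipconfig(text):
    """Return {section: {key: [values]}} parsed from `ipconfig /all` text."""
    sections, section, last = {}, "Global", None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line is a section header
            section, last = line.strip().rstrip(":"), None
            continue
        m = KEY_LINE.match(line)
        if m:
            last, value = m.group(1), m.group(2).strip()
            sections.setdefault(section, {})[last] = [value] if value else []
        elif last:                         # continuation, e.g. a second DNS server
            sections[section][last].append(line.strip())
    return sections

def compare(good_text, bad_text, keys=SHARED_KEYS):
    """List (adapter, key, good_values, bad_values) where the hosts disagree."""
    good, bad = parse_ipconfig(good_text), parse_ipconfig(bad_text)
    return [(adapter, key, good[adapter].get(key, []), bad.get(adapter, {}).get(key, []))
            for adapter in good for key in keys
            if good[adapter].get(key, []) != bad.get(adapter, {}).get(key, [])]

# Constructed sample output (not captured from a real host).
SAMPLE = """\
        Host Name . . . . . . . . . . . . : {host}

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : {ip}
        Subnet Mask . . . . . . . . . . . : {mask}
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.2
                                            {dns2}
"""
GOOD = SAMPLE.format(host="WS-GOOD", ip="192.168.1.10", mask="255.255.255.0", dns2="192.168.1.3")
BAD = SAMPLE.format(host="WS-BAD", ip="192.168.1.11", mask="255.255.0.0", dns2="10.0.0.53")

if __name__ == "__main__":
    for adapter, key, g, b in compare(GOOD, BAD):
        print(f"{adapter} / {key}: good={g} bad={b}")
```
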
Check the simple stuff
The correct login procedure and rights
The user must follow the correct login procedure exactly. Users sometimes cause a problem:
- By typing the wrong user name or password, including leaving the Caps Lock key
pressed.
- If a user doesn't log in at the right time or from the right workstation, the network
OS will reject the login request.
- If the user tries to establish more connections than allowed, access will be denied.
To test this kind of problem:
 First check to see if the user has typed their login correctly.
 Make sure Caps Lock isn't active.
 Try to log in from another workstation.
 Check the network documentation to see if there is a restriction.
The link light
o The link light is a small light-emitting diode (LED) found on both the NIC and the hub,
indicating that they are making a logical connection.
o It is typically green. If the link lights are lit on both, the workstation is connected.

The power switch

o All computers and network components must be turned on and powered up. You need to
check that all power cables are plugged in, and check for:

 Bad power cable
 Bad outlet
 Bad electrical wire
 Blown fuse

Any of the above items can cause a power problem at your device.
The hardware or software causing the problem

 A hardware problem can be a hard disk failure, a bad patch cable, or the failure of connectivity
devices like hubs and switches; some components may just suddenly fail.
 The solution to a hardware problem usually involves either changing a hardware setting or
replacing hardware.
 In addition, I/O address, IRQ and DMA conflicts can cause computers to malfunction.

A software problem can be:

 A Windows program error
 A program that suddenly stops responding (hangs)
 The entire machine locking up randomly

The cable
 Check to see if the cables are properly connected to the correct port. If you test the NIC
and there is no link light, the problem could be related to a bad patch cable.

The error message

 Error messages are assigned by programmers to help them determine what aspect of a
computer system is not functioning correctly. They are one of the best indicators of the cause
of a problem.

E.g. a "disk full" message (indicating that the disk cannot store any more files)
Step 4: Correcting the Problem

Once you have identified the problem, you will be faced with choices on how to correct it. While an
optimal fix for any problem normally exists, several workarounds probably do as well. The way
you go about correcting a problem can be just as important as the process of identifying the
problem in the first place. This section addresses how to approach correcting problems once you
have found them and looks at the consequences of the many workaround solutions.

When Speed Is of the Essence

Your time is valuable, just as it is for the network users, so if you can fix a problem in minutes,
then do so. When a server or system needs to be brought up as quickly as possible, performing a
restore from backup might be the fastest approach. Of course, if your problem is with a high-
gigabyte or -terabyte file or a database server, then restoring from backup will most likely be the
last resort.

For workstations, if you have a clone image from imaging software such as Ghost, or from
Microsoft's Remote Installation Service (RIS), then you could perhaps consider reimaging the
machine. If all of the user's business-related files are stored on a server, then reimaging the user's
system should be your first course of action. The user, on the other hand, may not like losing all of
his or her MP3s and other personal files stored on the workstation, but downloading some non-
business-related application may have been what caused the problem in the first place.

Unfortunately for you, the decision to reimage or not to reimage might be driven by politics. If the
CEO's laptop is having problems, odds are that you will be tasked with fixing the system at all
costs, and reimaging would become the absolute last resort.

As another example, if you determined earlier that the cause was improper configuration of
DNS/DHCP lookup on the server, you will configure it again.

Step 5: Testing the Corrective Action

Now that you have corrected the problem, make sure that you test your corrective action first
before sending out an e-mail alerting the company that you have triumphantly (successfully)
conquered the problem. Just because your system can connect to a server that was down, or you
can now run a problematic application on a terminal server, don't assume that everyone can. On
several workstations, including the workstation from where the problem was originally reported,
verify that your solution has successfully resolved the problem.

Many troubleshooters have made the mistake of proclaiming victory too soon, only to realize that
what works on one system, still fails on all others. If you had to update software on several
terminal servers, Internet servers, or intranet servers, test connectivity to all servers that were
updated, and not just a select few to ensure that the update completed successfully.

Step 6: Following Up

If you cannot permanently resolve a problem and you simply institute a hack to work around the
true problem, don't forget to follow up and budget time to fix the real problem. If you use Outlook,
you may consider placing a follow-up event at a later date in your calendar with a reminder for
the event. This way, you can ensure that you will not forget to follow up your corrective action
with any additional work.

If user error was the source of the problem, you may need to train the user on his or her mistake.
Explain the problem and the solution using simple words. If multiple users are making the same
mistake, then scheduling instructor-led group training may be the best course of action, to prevent
the fault from reoccurring in the future.

Aside from users, also make sure to check at periodic intervals that your corrective action has
improved performance on the systems and network components themselves. The application and
system event logs should be periodically scanned on the problem systems in the weeks that follow
the corrective action, to verify that no residual problems remain.

Step 7: Document the problem and the solution

 Network documentation is very important for solving a similar problem that arises in the future.
