Chapter 3
When the computer comes up and displays the desktop, the first window you see, titled
Manage Your Server, allows you to define the "role" of the computer. A convenient link is
available in the middle of the window.
This tutorial explains how to install AD on Server 2008. It is valid for
Windows 2008 R2 as well.
Requirements:
Minimum: Single processor with 1.4 GHz (x64 processor) or 1.3 GHz (Dual
Core)
Minimum: 32 GB or greater
1. The first step is to assign an IP address to the server on which you are going to deploy
AD. It is necessary to install it as a DNS server too, so it is better to have a
fixed IP address. That doesn't mean you cannot install AD without a fixed IP
address, but using a fixed IP address will solve a lot of issues.
Here the server IP is 10.0.0.14. Since we are going to make it a DNS server too,
you should use the same IP as the preferred DNS server.
The next step is to install the Active Directory role. Unlike older
versions of Windows Server, Microsoft highly recommends using the Server
Manager option to install roles before you run dcpromo.
From the roles list select the "Active Directory Domain Services" role and
click "Next".
Review the confirmation and click "Next".
After the reboot, open "Server Manager" again and click
"Roles". There you will see that "Active Directory Domain Services" is
successfully installed. Click on it and you will get a window like the one
below.
So please click on that link and it will start the DCPROMO wizard.
Click on "Next"
Since we are going to install a new domain controller in a new forest, please
select the "Create a new domain in new forest" option and click
"Next".
Now we have to provide the name for our domain. It must be
an FQDN. In our case I used rebeladmin.com as the domain. Please click
"Next" after entering it.
This window asks you to select the forest functional level. If you are going to
add a Server 2003 domain controller to your forest later, don't select
Server 2008 as the functional level. If you are going to use the full features of 2008 AD,
you must select Server 2008 as the forest functional level. In my case I used
Server 2008. Click "Next" after making the selection.
In the next window, since this is the first DC, we should make it a DNS server
too. Leave the default selection and click "Next".
If the wizard cannot create a delegation for the DNS server, it displays a
message to indicate that you can create the delegation manually. To
continue, click "Yes"
The next window shows the database location. If this is going to be
a large AD, it is good to keep the NTDS database on a different partition.
Click "Next" after making changes.
The next window asks you to define a restore mode password. It is
important if you ever have to restore from backup after a server crash. Click
"Next" after filling it in.
The next window gives you a summary of the installation. Click "Next".
The installation of AD then starts. It will take some time to
complete. After the installation completes, reboot the server.
After the reboot you can log in to the domain. Please log in as in the
following example
Password : XXXXXXXX
Now it is done, and you can view the Active Directory options on the
Administrative Tools menu.
Joining a Domain
Creating a Computer Account
After creating a domain, you can add client computers to it. In our examples, we will add workstations
that run Microsoft Windows 7, 8.1, etc. There are two actions involved in adding a client to a Microsoft
Windows Server 2008 domain, but only one is required.
Before physically or electronically adding a client to a domain, you can first create a computer account
for it. To create a computer account, you have various alternatives:
If using the Manage Your Server window, you can click Manage Users And Computers In Active
Directory
You can also click Start -> Administrative Tools -> Active Directory Users And Computers
You can also click Start -> Control Panel -> Administrative Tools -> Active Directory Users And
Computers
Any of these actions would open the Active Directory Users and Computers window. In the left
frame, expand the name of the domain. Then you can right-click the name of the domain -> New ->
Computer. This would open the New Object - Computer dialog box. In the Computer Name text box,
enter the name of the computer. The operating systems before Windows 2000 don't use very long
names. Therefore, when naming a computer, keep this in mind and give a name made of fewer than 15
characters. After naming the computer, click Next twice and click Finish.
Instead of right-clicking the name of the domain, in the Active Directory Users And Computers, you
can expand the name of the domain, right-click the Computers node -> New -> Computer. As
mentioned already, in the first page of the New Object - Computer wizard, you can type a name for the
computer. Here is an example:
Joining a Domain
After creating an account for a computer, you can add it to the domain. This is
referred to as joining a domain. Normally, creating an account for a
computer first is not required, although it's a good idea. When joining a domain, if the
computer you are adding doesn't have an account already, one will be created for
it.
Click Change
In the Computer Name text box, enter the desired name of the computer. If you
had already created an account in the domain for this computer, type that name.
Click the Domain text box and enter the name of the domain.
After specifying the name of the computer and the domain to join, click OK.
You will then be asked to provide a user name and a password for a user who
has the permissions to let a computer join a domain.
After entering a user name and a password, click OK. If you have the right to add
computers to the domain, you will receive a Welcome message; click OK:
In Specify IPv4 DNS Server Settings, make sure that the parent domain is the
newly created domain which is harambee.edu. For Preferred DNS server IPv4
address, key in the server’s IP address which is 10.0.2.15 and not the localhost IP
(127.0.0.1). Click Validate to check the validity of the IP. For Alternate DNS
server IPv4 address, leave it empty and click Next.
In Specify IPv4 WINS Server Settings, you can leave the default and click Next.
The middle section of this window provides only a limited list of tools, considered to
be the most regularly used. Alternatively, you can display the whole list of tools in a
window. To do this, under the Tools and Updates Section, you can click
Administrative Tools:
The Microsoft Management Console (MMC)
You use Microsoft Management Console (MMC) to create, save and open administrative tools,
called consoles, which manage the hardware, software, and network components of your
Microsoft Windows operating system. MMC runs on all client operating systems that are
currently supported.
A snap-in is a tool that is hosted in MMC. MMC offers a common framework in which various
snap-ins can run so that you can manage several services by using a single interface. MMC also
enables you to customize the console. By picking and choosing specific snap-ins, you can create
management consoles that include only the administrative tools that you need. For example,
you can add tools to manage your local computer and remote computers.
SECURE FILES AND FOLDERS
I. Sharing folder
Servers, typically kept in locked rooms, store the company resources (folders, files,
documents, spreadsheets, etc). These servers are locked behind closed doors so that the
only access that employees have to the resources is over the network. In order for
employees to access the resources stored on the servers, the server must be configured
to allow the employees to access the resources over the network. For a Windows
environment, this is done through shared folders.
You can share and allocate a folder for clients from the server. And you can assign
different permissions for the shared folder.
In order to protect the resources that are made available through shared folders,
administrators must configure “permissions” for the folders and files that are made
available over the network. There are two types of permissions that can be configured
on shared folders: share and NTFS.
1. NTFS :-
NTFS permissions are an attribute of the folder or file for which they are
configured.
The NTFS permissions include both standard and special levels of settings.
The standard settings are combinations of the special permissions, making the
configuration more efficient and easier to establish. These permissions include
the following, as shown in Figure below:
Full Control
Modify
Read & Execute
List Folder Contents
Read
Write
NTFS permissions are associated with the object, so the permissions are always
connected with the object during a rename, move, or archive of the object.
Share permissions are only associated with the folder that is being shared. For example,
if there are 5 subfolders below the folder that is shared, only the initial shared folder can
have share permissions configured on it. NTFS permissions can be established on every
file and folder within the data storage structure, even if a folder is not shared.
2. Share :-
Share permissions are configured on the Sharing tab of the shared folder.
On this tab, you will have a Permissions button, which exposes the share permissions
when selected, as shown in Figure below.
As you can see, the share permissions standard list of options is not as robust as the
NTFS permissions. The share permissions only provide :-
Full Control,
Change,
and Read.
There are no special permissions available for share permissions, so the standard
permissions are as granular as you can go for this set of access control.
The share permissions are not part of the folder or file, so when the share name is
changed, the folder is moved, or the folder is backed up, the share permissions are
not included. This makes share permissions a fragile control if the folder is
modified.
1. Right-click the folder you want to share and click Sharing and Security…
2. Select the Share this folder option button in the share properties window and assign
a share name and user limit as needed. Then click the Permissions… button
3. Remove Everyone, add the user you want and click OK
4. Assign the share permissions by checking the permission check boxes, then click
Apply and OK
5. Under the Security tab, click the Add button to add a user to the list
6. Select the user, check the security permissions you want to assign
for that user, click Apply and then click OK.
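The two layers configured above (share permissions on the Sharing tab, NTFS permissions on the Security tab) can be checked after the fact. The following script is an added example, not part of the original tutorial: it lists every disk share where Everyone or Authenticated Users still holds an allow entry at either layer. It assumes Windows PowerShell 2.0 or later run elevated on the file server; the function name Get-BroadShareAccess is illustrative.

```powershell
# Added example, not from the original page. Run elevated on the file server
# (Windows PowerShell 2.0 or later). Get-BroadShareAccess is an illustrative name.

# Access masks behind the three share permissions the Permissions dialog offers.
$shareRights = @{ '2032127' = 'Full Control'; '1245631' = 'Change'; '1179817' = 'Read' }

# Broad principals to flag: Everyone and Authenticated Users (well-known SIDs).
$broadSids = 'S-1-1-0', 'S-1-5-11'
$sidType   = [System.Security.Principal.SecurityIdentifier]

function Get-BroadShareAccess {
    # Win32_Share Type 0 = ordinary disk share (skips IPC$, printers, C$/ADMIN$).
    foreach ($share in Get-WmiObject -Class Win32_Share -Filter 'Type = 0') {
        # Layer 1: share permissions (Sharing tab -> Permissions).
        $sec = Get-WmiObject -Class Win32_LogicalShareSecuritySetting `
                   -Filter "Name = '$($share.Name)'"
        $sd = $null
        if ($sec) { $sd = $sec.GetSecurityDescriptor() }
        if ($sd -and $sd.ReturnValue -eq 0) {
            foreach ($ace in $sd.Descriptor.DACL) {
                # AceType 0 = allow; only allow entries widen access.
                if ($ace.AceType -eq 0 -and $broadSids -contains $ace.Trustee.SIDString) {
                    $rights = $shareRights["$($ace.AccessMask)"]
                    if (-not $rights) { $rights = "mask $($ace.AccessMask)" }
                    New-Object PSObject -Property @{
                        Share = $share.Name; Path = $share.Path; Layer = 'Share'
                        Trustee = $ace.Trustee.SIDString; Rights = $rights }
                }
            }
        }
        # Layer 2: NTFS permissions (Security tab) on the shared folder itself.
        $acl = Get-Acl -Path $share.Path -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($rule.AccessControlType -eq 'Allow' -and
                $broadSids -contains $rule.IdentityReference.Value) {
                New-Object PSObject -Property @{
                    Share = $share.Name; Path = $share.Path; Layer = 'NTFS'
                    Trustee = $rule.IdentityReference.Value
                    Rights = $rule.FileSystemRights }
            }
        }
    }
}

Get-BroadShareAccess | Sort-Object Share, Layer |
    Format-Table Share, Layer, Trustee, Rights, Path -AutoSize
```

A share that was set up with steps 3 to 6 should produce no row in the Share layer; any row that remains names the layer where the broad entry still needs to be removed.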
4. Click Quota on the menu bar and click New Quota Entry… in the Quota Entries
for Local Disk (C:) window
5. In the user selection window, add the user you want to assign the disk quota to:
write the user name in the Enter the object names to select text area, click
the Check Names button, then click OK
6. In the New Quota Entry window, select the Limit disk space to option button,
write the amount of space you want to allocate, fill in the Set warning
level to boxes, then click Apply and then OK
7. Click OK and Apply as necessary to finalize the quota allocation; the quota is then
allocated to the user
WHAT IS IIS?
Internet Information Services 6 (IIS 6) is a powerful platform for hosting web sites on
both the public Internet and private intranets.
HTTP stands for HyperText Transfer Protocol, an Internet protocol that enables
the distribution of hypertext documents.
Hypertext is text that is specially coded using a standard system called
Hypertext Markup Language (HTML).
The HTML codes are used to create links.
These links can be textual or graphic, and when clicked on, can "link" the user to
another resource such as other HTML documents, text files, graphics, animation
and sound. HTTP is based on the client/server principle.
HTTP allows a client to establish a connection to an HTTP server (also known as
a web server) and make a request.
The server accepts the connection initiated by the client and sends back a
response. An HTTP request identifies the resource that the client is interested in
and tells the server what "action" to take on the resource.
When a user selects a hypertext link, the client program (also known as a web
browser) on the client computer uses HTTP to contact the server, identify a
resource, and ask the server to respond with an action.
The server accepts the request, and then uses HTTP to respond to or perform the
action.
FTP
FTP stands for File Transfer Protocol. This is both a program and the method used to transfer
files between computers. Anonymous FTP is an option that allows users to transfer files from
thousands of host computers on the Internet to their personal computer account. FTP sites
contain books, articles, software, games, images, sounds, multimedia, course work, data sets,
and more.
If your computer is directly connected to the Internet via an Ethernet cable, you can use one of
several PC software programs, such as WS_FTP for Windows, to conduct a file transfer.
FTP transfers can be performed on the World Wide Web without the need for special software.
In this case, the Web browser will suffice. Whenever you download software from a Web site to
your local machine, you are using FTP.
Sharing file by using IP address (FTP)
Note
When you use the Add Roles Wizard to install IIS, you get the default installation,
which has a minimum set of role services. If you need additional IIS role services, such
as Application Development or Health and Diagnostics, make sure to select the check
boxes associated with those features in the Select Role Services page of the wizard.
Select the IIS services to be installed on the Select Role Services page. Add only the modules
necessary. In this case, ASP.NET is selected, and a description of ASP.NET appears in the right
pane. Once desired modules are added, click Next.
Add any required role services.
IIS is now installed with a default configuration for hosting ASP.NET on Windows Server.
Click Close to complete the process.
To open IIS, open Server Manager, expand Roles then Web Server and
click on Internet Information Services (IIS) Manager.
Confirm that the Web server works by using http://localhost.
Configure FTP
Go to Start -> Administrative Tools -> Internet Information Services (IIS 6.0)
Double-click the computer name; the FTP site is displayed
Right-click the default FTP site -> Properties
Assign the IP address from the drop-down menu
Then click Apply and OK
Start FTP
Then go to the disk on which Windows is installed
Select Inetpub
Select ftproot
Create folders (for example firstfolder, secondfolder…).
Open a folder and create a file in it (for example 123.txt).
Write something in the file as an example.
Then open a browser and type ftp://<IP address of the server>
DNS (port 53): DNS stands for Domain Name System. It helps users to find their way around
the Internet. Every computer on the Internet has a unique address – just like a telephone
number – which is a rather complicated string of numbers. It is called its "IP address" (IP stands
for "Internet Protocol").
But it is hard to remember everyone's IP address. The DNS makes it easier by allowing a
familiar string of letters (the "domain name") to be used instead of the arcane IP address. So
instead of typing 192.0.34.65, you can type www.icann.org. It is a "mnemonic" device that makes
addresses easier to remember.
Translating the name into the IP address is called "resolving the domain name." The goal of the
DNS is for any Internet user any place in the world to reach a specific website IP address by
entering its domain name.
1. Go to DNS
In the dnsmgmt window, right-click _____ and click New Zone
The New Zone Wizard opens; click Next under Type zone name
Select the type of zone you want to create and click Next
Select Forward or Reverse lookup zone, then click Next
Enter the zone name and click Next
Right-click your zone name (for example www.holeta.edu), then click New Host (A)…
In the New Host window, enter the IP address of the web page that you gave for your HTTP file,
then click Add Host and then click Done
Finally click OK
Finally, in the address bar of your web browser, type the domain name of the website you assigned while
configuring DNS (for example www.holeta.edu), then
press Enter or click Go
Step-by-Step Guide to create Organizational Unit (OU) in AD Domain
Service Managed Domain.
An organizational unit in Active Directory is a container where you can place users,
computers, groups and even other organizational units. OUs help to create the logical
structure of the AD. You can use them to assign group policies and manage resources.
This is a common procedure in an in-house domain environment.
Adding an Organizational Unit and Users in Windows Server 2008 R2
2. At this point you should be able to see your domain. In our example we are using
the Globomantics domain. Go ahead and expand your domain
3. Type in the name of your OU and make sure that the box is checked next to Protect container from
accidental deletion. When done, click OK.
4. We now have a new Organizational Unit in our Active Directory called OpsOU.
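The same OU can be created from the command line, which also makes it possible to see what the "Protect container from accidental deletion" box actually sets and to find OUs that lack it. This is an added example, not part of the original guide; it assumes Windows Server 2008 R2 with the ActiveDirectory PowerShell module and a session running as a domain administrator, and it reads the domain name from the current domain rather than hard-coding it.

```powershell
# Added example, not from the original page. Assumes Windows Server 2008 R2
# with the ActiveDirectory module and a domain administrator session.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName   # DN of the current domain
$ouName   = 'OpsOU'                            # OU name used on the page

# Create the OU with "Protect container from accidental deletion" enabled,
# unless an OU of that name already exists directly under the domain.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
          -SearchBase $domainDn -SearchScope OneLevel
if (-not $ou) {
    $ou = New-ADOrganizationalUnit -Name $ouName -Path $domainDn `
              -ProtectedFromAccidentalDeletion $true -PassThru
}

# What the check box does: it adds Deny entries for Everyone that cover
# Delete and DeleteTree on the OU. Show them from the OU's ACL.
(Get-Acl -Path "AD:\$($ou.DistinguishedName)").Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and
                   $_.IdentityReference.Value -eq 'Everyone' } |
    Select-Object IdentityReference, ActiveDirectoryRights

# Audit: list every OU in the domain that lacks the protection.
Get-ADOrganizationalUnit -Filter * -Properties ProtectedFromAccidentalDeletion |
    Where-Object { -not $_.ProtectedFromAccidentalDeletion } |
    Select-Object Name, DistinguishedName
```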
Creating a New Group
After you create an Organizational Unit in your Active Directory, you are ready to create your first group.
Go ahead and select your OU and then right-click in the blank area.