1. Network Operating Systems
2. Can be peer-to-peer or client server or server based
Each machine is identified by unique computer names
Resources are specified with their UNC names - \\computername\sharename\directory\file
These resources are referred to as shares.
The access a user is granted to a share is referred to as a permission.
3. How Windows communicates Windows machines rely on “names” for communication
4. NetBIOS Name Service All resources on Windows networks must have unique names. This “naming” is controlled by a protocol called NetBIOS
Names on NetBIOS networks must first be claimed
This claiming process can be done either by broadcasts, or by querying a WINS server (running on a NT server).
5. NetBIOS vs. NetBEUI
6. NetBEUI NetBEUI is the traditional protocol supported with Windows networks
It is small, fast and easy to use
However it is a raw frame protocol (no network layer address)
NetBEUI is not routable
7. Browsing the Network Shares on Windows networks are made accessible to clients through browsing
“Browse lists” are maintained by a process called the Master Browser
A Master Browser is “elected” each time the Windows Network starts. (priority: NT servers, Win95 machines, then WFW machines)
8. Microsoft’s Workgroup Model a logical grouping of computers and users
any machine can be a client or a server
each computer maintains its own user database
all configuration is done locally on each PC
suitable for small networks
9. Microsoft’s Domain Model
10. Domain Controllers maintains the master copy of the user database
tracks changes made to domain accounts
authenticates users
one PDC must exist in each domain
11. Replication can be installed to provide redundancy
authenticates users to reduce load on PDC
Synchronized to the PDC- the PDC automatically replicates a copy of the user database to the BDC
can be promoted to PDC if existing PDC fails
12. NT Administrative Tools User Manager for Domains
Server Manager
My Computer/Explorer
Network Control Panel
Event Viewer
Disk Administrator
Windows NT Diagnostics
Performance Monitor
RDISK
13. User Manager for Domains Add/configure user accounts
Add/configure groups
specify home directories, logon hours, logon workstations etc. for user accounts
administer rights
14. Server Manager view statistics about the computers in a domain
add new computers to a domain
send messages to other computers
view, create, change permissions on shares
promote a BDC to PDC
synchronize the PDC to the BDC
15. Network Control Panel
16. My Computer/Explorer
17. Event Viewer View File, System or Security error messages
18. Windows NT Diagnostics View various diagnostics about the NT computer
such as memory, resource settings, version information
19. Performance Monitor Tracks performance statistics
such as memory usage, server traffic, disk performance, processor utilization
20. Disk Administrator View/Configure drives and partitions
21. NTFS vs. FAT NT supports the following file systems
FAT (File Allocation Table)
widely used
complete access for various operating systems
maximum partition size is 4 GB (2GB in W9X)
NTFS4 (Windows NT File System)
allows file level and local security
enhanced performance and reliability
file compression is possible
maximum partition size is 2 Terabytes
22. Emergency Repair Disk You can create or update an Emergency Repair Disk by running RDISK (in Windows 2000 this is done by running the Backup Wizard).
It is used to verify/repair a corrupted NT/2000 system
Use RDISK /S (or the Backup Wizard) to back up user and security info to the disk
You should recreate this disk every time you make changes to NT/2000
The information contained on the Emergency Repair Disk is stored on your hard drive in C:\WINNT\REPAIR.
It is not a bootable disk - use the setup disks and select the Repair option
23. Creating an NT Boot Disk NTLDR - NT OS Loader
NTDETECT.COM - Identifies/loads hardware
BOOT.INI - configures disks and partitions
Ntbootdd.sys - for SCSI without BIOS
Other device drivers necessary for operation of the system
some files are accessed from the hard disk
24. BOOT.INI
BOOT.INI is a hidden, read-only ASCII text file
Builds the Boot Loader Menu which defines
timeout
operating systems installed
partition locations referred to as ARC paths
25. Network Operating Systems Windows NT
Managing Users and Resources
26. Access to an NT domain is based on both a user account and a computer account
Is based on SAM (Security Accounts Database)
Security database on NT that contains all user accounts, group accounts, and computer accounts within a domain. It also holds passwords, policy settings, records of permissions, etc.
this is what is replicated between PDC and BDC.
SID - the security ID, a unique identifier for each user, group or computer account.
27. Multiple Domains & Trusts Multiple domains may be created within an organization to help organize or categorize divisions or users.
Trusts are then established to grant inter-domain access when multiple domains exist
Trusting Domains - grant access
Trusted Domains - receive access
One-Way, Two-Way, or Universal Trusts
28. User Account Configuration User Manager for Domains
make sure you use the right User Manager
Accounts created for NT domains are global accounts
29. Computer Account Administration All NT workstation computers must be added to the domain before the computer can be used to access the domain.
Computer accounts can be created from Server Manager or from the NT workstation.
30. Groups Groups allow you to simultaneously grant rights and permissions to multiple users.
Try to use groups as much as possible when assigning rights and permissions to ease administration.
31. How to use NT Groups Using NT groups effectively eases NT administration in multiple domains
Global Groups - contain only users from one domain
Local Groups - contain user accounts and global groups from one or many domains
A-G-L-P
create Accounts in one domain
create a Global group in that domain and place users in it
create a Local group in the other domain
grant the local group Permissions to resources from the other domain
make the global group a member of the local group
32. 3 Ways of Securing Network Resources A user's access to a share (e.g. read, write, delete) is referred to as share permissions.
File/directory level security is available if you use the NTFS file system and NTFS Permissions.
A right is the authorization to perform a system related task (ie: backup, change time, shutdown)
33. Setting Share Permissions Right click the folder and select the Sharing tab
34. Setting NTFS Permissions Right click the folder or file and select the Security tab
35. Evaluating Access to Resources Permissions flow down the folder hierarchy
Permissions and rights are additive
except
No Access overrides all permissions and rights
when combining share and NTFS permissions the most restrictive always wins
NTFS file permissions override folder permissions
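The evaluation rules on this slide, worked through as an added example (not part of the original slides). It assumes a simplified model with four ordered access levels; the account and group names are constructed, and treating "no matching entry" as no access is an assumption of this sketch.

```python
from enum import IntEnum


class Level(IntEnum):
    # Simplified, ordered access levels (assumption: each level includes the ones below it).
    NO_ACCESS = 0
    READ = 1
    CHANGE = 2
    FULL_CONTROL = 3


def effective(acl, principals):
    """Evaluate one permission list (share OR NTFS) for a set of principals.

    Permissions are additive across the user and all of their groups,
    except that an explicit No Access on any matching principal wins.
    """
    matched = [level for who, level in acl.items() if who in principals]
    if not matched or Level.NO_ACCESS in matched:
        return Level.NO_ACCESS  # no matching entry is treated as no access (assumption)
    return max(matched)


def network_access(user, groups, share_acl, folder_acl, file_acl=None):
    """Access over the network: the most restrictive of share and NTFS wins.

    If the file carries its own NTFS permissions, they override the folder's.
    """
    principals = {user, *groups}
    ntfs_acl = file_acl if file_acl is not None else folder_acl
    return min(effective(share_acl, principals), effective(ntfs_acl, principals))


# Constructed sample data, loosely following the home-directory guidelines on the next slide.
SHARE = {"Everyone": Level.FULL_CONTROL}
USERS_FOLDER = {"Everyone": Level.READ, "Administrators": Level.FULL_CONTROL}
ALICE_HOME = {"alice": Level.FULL_CONTROL, "Administrators": Level.FULL_CONTROL}
LOCKED = {"Everyone": Level.CHANGE, "Contractors": Level.NO_ACCESS}

if __name__ == "__main__":
    cases = [
        ("alice on USERS folder", "alice", {"Everyone"}, USERS_FOLDER, None),
        ("alice on her home dir", "alice", {"Everyone"}, ALICE_HOME, None),
        ("bob on alice's home", "bob", {"Everyone"}, ALICE_HOME, None),
        ("contractor, No Access", "carol", {"Everyone", "Contractors"}, LOCKED, None),
        ("file overrides folder", "bob", {"Everyone"}, USERS_FOLDER, {"Everyone": Level.CHANGE}),
    ]
    for label, user, groups, folder, file_acl in cases:
        print(f"{label:24} -> {network_access(user, groups, SHARE, folder, file_acl).name}")
```

Because the share grants Full Control to Everyone, the NTFS permissions are what actually limit access in every case here.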
36. An Example of setting permissions Guidelines for setting up user Home directories
Use NTFS
A folder named USER is automatically created when installing NT. On this folder grant the following:
Share level Full Control to the Everyone group
NTFS directory permissions of Read and Execute to Everyone
NTFS file permissions of None to Everyone
NTFS Full Control for both (directory and file permissions) to Administrators
Create home directories for each individual user under the USERS folder and grant each user NTFS Full Control to their own directory.
37. Setting User Rights A right is the authorization to perform a system related task (e.g. backup, change time, shutdown)
From User Manager for Domains, select Policies, User Rights
38. Configuring the User Environment Logon scripts
Simple text files that can be .bat, .cmd, or .exe
should be stored in C:\WINNT\SYSTEM32\REPL\IMPORT\SCRIPTS
Home Directory
The location of the user's home folder
Default for Save As and Open in MS Apps
User Profile Path
the location of the user's profile in UNC format \\servername\sharename
39. User Profiles stores user specific configuration and desktop settings
automatically created when a user logs in
locally stored on \winnt_root\profiles, %systemroot%\profiles or c:\winnt\profiles
Two default folders exist - All Users and Default Users
can be placed on a network share to be configured as roaming profiles or mandatory roaming profiles
40. User Profiles Includes these sub-folders:
Application Data - Win95 or NT application specific data
Desktop - shortcuts and other desktop settings
Favorites - favorite URLs etc.
NetHood - Hidden, contents of Network Neighborhood
Personal - Personal programs
PrintHood - Hidden, contents of printer window
Recent - recently opened files
SendTo - contents of the SendTo menu
Start Menu - contents of the Start Menu
Templates - hidden, Win95 and NT template files
Also includes:
Ntuser.dat and Ntuser.dat.log - registry settings
41. User Profiles Roaming User Profiles - by placing the profile sub-directory on a network share, the user profile can be downloaded to any machine the user logs in to.
Mandatory Roaming User Profiles - by renaming Ntuser.dat to Ntuser.man, the profile cannot be modified by the user.
42. System Policies A set of registry settings that defines system configurations and user restrictions
can be based on machine, user or group
policies are created using poledit
the policy is stored as Ntconfig.pol
Ntconfig.pol should be stored in C:\WINNT\SYSTEM32\REPL\IMPORT\SCRIPTS
Three settings
Enabled (checked)
Disabled (un-checked)
Neutral (grayed)
43. NETLOGON Share The NETLOGON Share provides directory replication to synchronize login scripts, policies and other user files from PDC to BDC.
Important for authentication in multiple domain controller environments.
C:\WINNT\SYSTEM32\REPL\EXPORT
44. Windows 2000 Products
45. Windows 2000 Products (cont)
46. Windows 2000 Capabilities
47. Windows 2000 New Features
48. Windows 2000 New Features (cont)
49. Windows 2000 Server Security
50. Windows 2000 ADS Guidelines