
Network Operating Systems


Sophia

Presentation Transcript


    1. Network Operating Systems

    2. Can be peer-to-peer, client-server or server based. Each machine is identified by a unique computer name. Resources are specified with their UNC names: \\computername\sharename\directory\file. These resources are referred to as shares. The access a user is granted to a share is referred to as a permission.

    3. How Windows communicates
       - Windows machines rely on “names” for communication

    4. NetBIOS Name Service
       - All resources on Windows networks must have unique names.
       - This “naming” is controlled by a protocol called NetBIOS.
       - Names on NetBIOS networks must first be claimed.
       - This claiming process can be done either by broadcasts or by querying a WINS server (running on an NT server).

    5. NetBIOS vs. NetBEUI

    6. NetBEUI
       - NetBEUI is the traditional protocol supported with Windows networks
       - It is small, fast and easy to use
       - However, it is a raw frame protocol (no network layer address)
       - NetBEUI is not routable

    7. Browsing the Network
       - Shares on Windows networks are made accessible to clients through browsing
       - “Browse lists” are maintained by a process called the Master Browser
       - A Master Browser is “elected” each time the Windows Network starts (priority: NT servers, Win95 machines, then WFW machines)

    8. Microsoft’s Workgroup Model
       - a logical grouping of computers and users
       - any machine can be a client or a server
       - each computer maintains its own user database
       - all configuration is done locally on each PC
       - suitable for small networks

    9. Microsoft’s Domain Model

    10. Domain Controllers
        - maintains the master copy of the user database
        - tracks changes made to domain accounts
        - authenticates users
        - one PDC must exist in each domain

    11. Replication
        - can be installed to provide redundancy
        - authenticates users to reduce load on PDC
        - Synchronized to the PDC - the PDC automatically replicates a copy of the user database to the BDC
        - can be promoted to PDC if existing PDC fails

    12. NT Administrative Tools
        - User Manager for Domains
        - Server Manager
        - My Computer/Explorer
        - Network Control Panel
        - Event Viewer
        - Disk Administrator
        - Windows NT Diagnostics
        - Performance Monitor
        - RDISK

    13. User Manager for Domains
        - Add/configure user accounts
        - Add/configure groups
        - specify home directories, logon hours, logon workstations etc. for user accounts
        - administer rights

    14. Server Manager
        - view statistics about the computers in a domain
        - add new computers to a domain
        - send messages to other computers
        - view, create, change permissions on shares
        - promote a BDC to PDC
        - synchronize the PDC to the BDC

    15. Network Control Panel

    16. My Computer/Explorer

    17. Event Viewer
        - View File, System or Security error messages

    18. Windows NT Diagnostics
        - View various diagnostics about the NT computer such as memory, resource settings, version information

    19. Performance Monitor
        - Tracks performance statistics such as memory usage, server traffic, disk performance, processor utilization

    20. Disk Administrator
        - View/Configure drives and partitions

    21. NTFS vs. FAT
        NT supports the following file systems:
        - FAT (File Allocation Table)
          - widely used
          - complete access for various operating systems
          - maximum partition size is 4 GB (2 GB in W9X)
        - NTFS4 (Windows NT File System)
          - allows file level and local security
          - enhanced performance and reliability
          - file compression is possible
          - maximum partition size is 2 Terabytes

    22. Emergency Repair Disk
        - You can create or update an Emergency Repair Disk by running (in W2000 this would be accomplished by running the Backup Wizard).
        - It is used to verify/repair a corrupted NT/2000 system.
        - Use RDISK /S (or Backup Wizard) to back up user and security info to the disk.
        - You should recreate this disk every time you make changes to NT/2000.
        - The information contained on the Emergency Repair Disk is stored on your hard drive in C:\WINNT\REPAIR.
        - It is not a bootable disk - use setup disks and select the Repair option.

    23. Creating an NT Boot Disk
        - NTLDR - NT OS Loader
        - NTDETECT.COM - Identifies/loads hardware
        - BOOT.INI - configures disks and partitions
        - Ntbootdd.sys - for SCSI without BIOS
        - Other device drivers necessary for operation of the system
        - some files are accessed from the hard disk

    24. BOOT.INI
        - BOOT.INI is a hidden and read-only ASCII text file
        - Builds the Boot Loader Menu, which defines:
          - timeout
          - operating systems installed
          - partition locations, referred to as ARC paths

    25. Network Operating Systems
        Windows NT
        Managing Users and Resources

    26. Access to an NT domain is based on both a user account and a computer account
        - Is based on SAM (Security Accounts Database)
          - Security database on NT that contains all user accounts, group accounts, and computer accounts within a domain.
          - It also holds passwords, policy settings, records of permissions, etc.
          - This is what is replicated between PDC and BDC.
        - SID - the security ID
          - a unique identifier for each user, group or computer account.

    27. Multiple Domains & Trusts
        - Multiple domains may be created within an organization to help organize or categorize divisions or users.
        - Trusts are then established to grant inter-domain access when multiple domains exist
          - Trusting Domains - grant access
          - Trusted Domains - receive access
        - One-Way, Two-Way, or Universal Trusts

    28. User Account Configuration
        - User Manager for Domains
          - make sure you use the right User Manager
        - Accounts created for NT domains are global accounts

    29. Computer Account Administration
        - All NT workstation computers must be added to the domain before the computer can be used to access the domain.
        - Computer accounts can be created from Server Manager or from the NT workstation.

    30. Groups
        - Groups allow you to simultaneously grant rights and permissions to multiple users.
        - Try to use groups as much as possible when assigning rights and permissions to ease administration.

    31. How to use NT Groups
        - Using NT groups effectively eases NT administration in multiple domains
        - Global Groups - contain only users from one domain
        - Local Groups - contain user accounts and global groups from one or many domains
        - A-G-L-P
          - create Accounts in one domain
          - create a Global group in that domain and place users in it
          - create a Local group in the other domain
          - grant the local group Permissions to resources from the other domain
          - make the global group a member of the local group

    32. 3 Ways of Securing Network Resources
        - A user's access to a share (i.e. read, write, delete) is referred to as share permissions.
        - File/directory level security is available if you use the NTFS file system and NTFS Permissions.
        - A right is the authorization to perform a system related task (i.e. backup, change time, shutdown)

    33. Setting Share Permissions
        - Right click the folder and select the Sharing tab

    34. Setting NTFS Permissions
        - Right click the folder or file and select the Security tab

    35. Evaluating Access to Resources
        - Permissions flow down the folder hierarchy
        - Permissions and rights are additive, except No Access overrides all permissions and rights
        - when combining share and NTFS permissions the most restrictive always wins
        - NTFS file permissions override folder permissions

    36. An Example of setting permissions
        Guidelines for setting up user Home directories
        - Use NTFS
        - a folder named USER is automatically created when installing NT. On this folder grant the following:
          - Share level Full Control to the Everyone group
          - NTFS directory permissions of Read and Execute to Everyone
          - NTFS file permissions of None to Everyone
          - NTFS Full Control for both for Administrators
        - Create home directories for each individual user under the USERS folder and grant each user NTFS Full Control to their own directory.

    37. Setting User Rights
        - A right is the authorization to perform a system related task (i.e. backup, change time, shutdown)
        - From User Manager for Domains, select Policies, User Rights

    38. Configuring the User Environment
        - Logon scripts
          - Simple text files that can be .bat, .cmd, or .exe
          - should be stored in C:\WINNT\SYSTEM32\REPL\IMPORT\SCRIPTS
        - Home Directory
          - The location of the user's home folder
          - Default for Save As and Open in MS Apps
        - User Profile Path
          - the location of the user's profile in UNC format \\servername\sharename

    39. User Profiles
        - stores user specific configuration and desktop settings
        - automatically created when a user logs in
        - locally stored on \winnt_root\profiles, %systemroot%\profiles or c:\winnt\profiles
        - Two default folders exist - All Users and Default Users
        - can be placed on a network share to be configured as roaming profiles or mandatory roaming profiles

    40. User Profiles
        Includes these sub-folders:
        - Application Data - Win95 or NT application specific data
        - Desktop - shortcuts and other desktop settings
        - Favorites - favorite URLs etc.
        - NetHood - Hidden, contents of Network Neighborhood
        - Personal - Personal programs
        - PrintHood - Hidden, contents of printer window
        - Recent - recently opened files
        - SendTo - contents of the SendTo menu
        - Start Menu - contents of the Start Menu
        - Templates - hidden, Win95 and NT template files
        Also includes:
        - Ntuser.dat and Ntuser.dat.log - registry settings

    41. User Profiles
        - Roaming User Profiles - by placing the profile sub-directory on a network share, the user profile can be downloaded to any machine the user logs in to.
        - Mandatory Roaming User Profiles - by changing the Ntuser.dat to Ntuser.man, the profile cannot be modified by the user.

    42. System Policies
        - A set of registry settings that defines system configurations and user restrictions
        - can be based on machine, user or group
        - policies are created using poledit
        - the policy is stored as Ntconfig.pol
        - Ntconfig.pol should be stored in C:\WINNT\SYSTEM32\REPL\IMPORT\SCRIPTS
        - Three settings
          - Enabled (checked)
          - Disabled (un-checked)
          - Neutral (grayed)

    43. NETLOGON Share
        - The NETLOGON Share provides directory replication to synchronize login scripts, policies and other user files from PDC to BDC.
        - Important for authentication in multiple domain controller environments.
        - C:\WINNT\SYSTEM32\REPL\EXPORT

    44. Windows 2000 Products

    45. Windows 2000 Products (cont)

    46. Windows 2000 Capabilities

    47. Windows 2000 New Features

    48. Windows 2000 New Features (cont)

    49. Windows 2000 Server Security

    50. Windows 2000 ADS Guidelines
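
The access rules from slides 31 and 35 (A-G-L-P group nesting, additive permissions, the No Access override, most restrictive of share and NTFS, file permissions over folder permissions), modeled as an added Python example that is not part of the original presentation. The rights letters, the handling of Everyone and all account, group and domain names are simplifying assumptions made for this illustration.

```python
# Added illustration (not from the presentation): simplified model of the
# access rules on slides 31 and 35. Rights letters are an assumption:
# R=read, X=execute, W=write, D=delete, P=change permissions, O=take ownership.
NO_ACCESS = "No Access"
RIGHTS = {
    "Read": frozenset("RX"),
    "Change": frozenset("RXWD"),
    "Full Control": frozenset("RXWDPO"),
}

# Constructed sample data: accounts live in SALES, resources in HQ (A-G-L-P).
GLOBAL_GROUPS = {"SALES\\SalesStaff": {"alice", "bob"}, "SALES\\Temps": {"bob"}}
LOCAL_GROUPS = {"HQ\\ReportReaders": {"SALES\\SalesStaff"},
                "HQ\\Restricted": {"SALES\\Temps"}}

def principals(user, global_groups, local_groups):
    """The user, Everyone, the user's global groups, and any local group
    that has the user or one of those global groups as a member."""
    names = {user, "Everyone"}
    names |= {g for g, members in global_groups.items() if user in members}
    names |= {l for l, members in local_groups.items() if names & members}
    return names

def additive(acl, who):
    """Union of everything granted to any matching entry; a single
    matching No Access entry overrides all of it."""
    granted = [perm for name, perm in acl if name in who]
    if NO_ACCESS in granted:
        return frozenset()
    return frozenset().union(*(RIGHTS[p] for p in granted))

def effective_access(user, share_acl, folder_acl, file_acl=None,
                     global_groups=GLOBAL_GROUPS, local_groups=LOCAL_GROUPS):
    who = principals(user, global_groups, local_groups)
    # A file's own NTFS permissions override those of its folder.
    ntfs_acl = folder_acl if file_acl is None else file_acl
    # Share and NTFS results are combined; the most restrictive wins.
    return additive(share_acl, who) & additive(ntfs_acl, who)

# Constructed permission lists for one shared folder and one file inside it.
SHARE = [("Everyone", "Full Control")]
FOLDER = [("HQ\\ReportReaders", "Change"), ("HQ\\Restricted", NO_ACCESS)]
FILE = [("HQ\\ReportReaders", "Read")]

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, "folder:", sorted(effective_access(user, SHARE, FOLDER)),
              "file:", sorted(effective_access(user, SHARE, FOLDER, FILE)))
```

In this model bob is denied on the folder through HQ\Restricted but still gets Read on the file, because the file's own permissions carry no No Access entry. When auditing, check file-level permissions as well as the folder's.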
