260 likes | 374 Views
New SA Training Topic 2: Virtualization. You job requires the use of hardware virtualization Virtualization allows our company to create virtual computers that act like traditional server and desktop machines
E N D
New SA TrainingTopic 2: Virtualization • You job requires the use of hardware virtualization • Virtualization allows our company to create virtual computers that act like traditional server and desktop machines • During your training period, you will be using Microsoft’s Virtual PC as your hypervisor • Our training focus is on concepts (thus, you will not necessarily use production tools, OS versions, etc.)
Differencing disks • You will be creating differencing disk images for your hard drives
Creating a differencing disk Disk Differencing works by storing only the changes to an original image in a new VPC virtual hard-disk. We can create the disk or the machine first. Steps for creating the disk first follow. They were taken from: http://csciwww.etsu.edu/nielsen/4417/VPC_a.htm. A machine first example can be found at: http://csciwww.etsu.edu/nielsen/4417/VPC.htm
Creating a differencing disk (cont.) Create a new Virtual Hard Disk using the Wizard
Creating a differencing disk (cont.) Create the differencing VHD in a folder of your choice. (This is the disk that will hold the changes made to the parent)
Creating a differencing disk (cont.) Then select the Parent VHD. (The one with the OS installed on it)
Creating a virtual machine Create a New Virtual Machine using the Wizard
New SA TrainingTopic 3: User Management • What is a user to you? • How do we group classes/categories of users? • Location of information (host or centralized) • Home directory • Opportunities for pre-login scripting/ initialization • Passwords • “Object” identifiers (SID, UID, GID)
Windows Specifics • Domain Controllers • Active Directory • Windows user/group setup: • Local vs. Domain • GUI vs. Command line (manage via MMC vs. “net user”, “addusers”, etc.) • Groups: primarily useful for administration • Windows groups: complex (stick to domain groups for now)
Windows Specifics • Where are passwords stored? • Local? Network? • What makes a password “acceptable”? • “Complex” passwords – • Can’t contain the username or parts of the user's full name • At least six characters long • At least three of: uppercase, lowercase, numbers, special characters/symbols (ex: !, $, #, %) • Additional settings – max age, min age, history, etc. • http://technet.microsoft.com/en-us/library/cc264456.aspx
Windows Specifics (cont.) • Windows logon: • Computer logon • Interactive user logon • Network user logon • Service logon • Profiles (controls the user desktop environment) • Local profiles • Roaming profiles • Mandatory profiles
Windows Specifics (cont.) • Group policies – Computer or user based; flow down from Site, to Domain, to OU • Example settings: • User security • Application installation • Boot • Logon • Logoff • Shutdown • Various “look-and-feel”
Windows Specifics (cont.) • Group Policy Container (GPC) • The AD portion of a GPO is called the Group Policy Container • The GPC stores GPO properties, containers (computer and user), status, version, etc. • Group Policy Template (GPT) • The portion of a GPO that is stored as folders and files in SYSVOL directory • The GPT is where the majority of actual settings are stored when you edit a GPO
Windows Specifics (cont.) • While most policy settings are stored in the GPT, some policy areas use both the GPC and GPT, others use only the GPC and some don’t use either the GPC or GPT. • Windows Scripting Host and ADSI: Take a look at Windows 2000 User Management or Windows 2000 Power Toolkit (in Safari, or Microsoft).
Windows User/GP/Profile Exercise • Let’s look at the MMC • Users • Groups • Computer accounts • Group Policy • View Group Policy Settings with RSoP • Let’s look at a Default Profile
Linux Specifics • Linux user/group setup: • Local vs. Network • GUI vs. Command line vs. editing files (Red Hat User Manager vs. “useradd”, “addusers”, etc. vs. edit /etc/passwd)
Linux Specifics • Where are passwords stored? • Network? • Local? • Where is group information stored? • What makes a password “acceptable” to a Linux system?
Linux Specifics (cont.) • /etc/passwd: username, passwd, uid, gid, GECOS, home directory, login shell/program • GECOS contains general information about the user. The exact type of information depends on the UNIX variant, but for example it may contain real name and phone number. • /etc/group: name, passwd, gid, user list • Groups: Avoid user private groups (UPG) as it is RedHat-specific. Why tie yourself to a vendor if you don't have to? • /etc/shadow: (days, in terms of days since Jan 1, 1970)
Linux Specifics (cont.) • Shadow file format • username • encrypted passwd • date password was last changed • days before PW may be changed (minlife) • days after which PW must be changed (maxlife) • days before password expires to warn user • days after password expires to disable account • day that account expires and is disabled • Reserved (i.e., nothing useful)
Linux Specifics (cont.) • Shell environments & customizations • /etc/shells - Contains the pathname of every shell available on your system; Some daemons disallow access to users with unlisted shells • /bin/sh – Bourne shell • /bin/bash – bash shell • /bin/csh – C shell • /sbin/nologin – a program to politely disallow logins • /etc/skel - The home directory for each new user is initialized with files from the /etc/skel directory; The SA can use /etc/skel to provide a default environment for users
Linux Specifics (cont.) • SA Environment settings • /etc/profile – System wide environment and startup programs that are executed at login (default path, umask, terminal type, etc.) • /etc/bashrc, /etc/csh_cshrc, or others– System wide functions, aliases, etc. that are set when shell starts (may update path, modify your prompt, set command aliases, etc.) • User Environment settings – similar to above, but are set by the user in their home directory • .*login / .*profile (.login, .profile, csh.login, .bash_profile, etc.) - Stores settings executed at login • .*rc (.cshrc, .bashrc, etc.)- Stores settings executed at shell session start
Linux Specifics (cont.) • NIS (Network Information Service) • Distributed database that allows one configuration to be used for many computers • Assumes a high degree of trust (so can be insecure) • LDAP (Lightweight Directory Access Protocol – not just Linux) • Allows for quick location of information • Can provide enterprise-level user authentication • Can provide access control
Linux User/Profile Exercise • Let’s look at the important files • passwd • group • shadow • /etc/shells • /etc/skel • .profile • ENV (.bashrc)