Explore the role of the registry in Windows desktop and network configuration, user settings, and security. Select appropriate software tools for backup and fault tolerance on Windows networks.
COMP1321 Digital Infrastructures, Richard Henson, March 2018
Week 18: Windows Networks: Availability, Integrity & Security • Objectives: • Explain why user and system settings need to be controlled on networked machines • Explain the role of the registry in Windows desktop and network configuration, user settings, and security • Select appropriate software tools for backup and fault tolerance
Platforms for Operating Systems • Most innovative company was DEC • recession hit, asset stripped and long gone • Nowadays… • one flavour of Windows • one family of Unix/Linux systems • Every device needs an operating system (and usually a GUI)
Rivalry between Microsoft and DEC • Windows NT very advanced… • could be either client (NT Workstation) • or server (NT Server) • both share the same kernel and GUI on Intel CPUs • the same kernel source was compiled for other CPUs, each with its own hardware abstraction layer (HAL) • e.g. DEC's RISC Alpha chip • DEC gave away intellectual property to get Alpha onto Windows NT…
Platforms with "Windows" • Process of evolution… from Windows NT to Windows 2000… • Intel platform brilliantly marketed • survived threats from DEC's RISC architecture… • DEC's 64-bit Alpha platform never that popular • rights to the Alpha chip bought by Intel (!) • When XP was released… • an Alpha build was never even offered!
Success of Windows 2000… scalability • Previous Microsoft (NT) networks… • each domain discrete, linked only by manually created, non-transitive trusts… NOT SCALABLE! • Windows 2000 networks… • many domains linked together for e.g. logon, resource sharing • Windows domain names are DNS domain names (!) • All thanks to an Internet-compatible distributed database, X.500-derived and queried over LDAP… Active Directory (AD)
Domain Trust • A trust allows users of one domain to log on to resources in another domain • Trusts can be one-way (Domain A trusts Domain B, so B's users can reach A's resources but not the reverse) or two-way
Enterprise Structure of Active Directory • A hierarchical system of organisational data objects • i.e. domains, and within them organisational units, users, groups and computers • A Tree can be • a single domain • a group of domains sharing a contiguous DNS namespace (e.g. example.com and sales.example.com)
Domain Trees & Forests • Active Directory provides "trust" between the databases of domains that are linked in this way • A "Tree" is the domains and the links between them • A "Forest" is one or more trees sharing a common schema, configuration and global catalogue: • every domain in the forest is joined to its parent by an automatic two-way transitive trust, so users in any domain of the forest can be authenticated to resources in any other • the forest, not the domain, is therefore the real security boundary: a compromised domain administrator can affect the whole forest
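Added example, not from the lecture slides: a PowerShell audit of the trusts seen from the local domain, which is where a reviewer answers the "one-way or two-way" question and checks that the forest boundary is not weakened by an external trust. It assumes the RSAT ActiveDirectory module and a domain-joined, authenticated session; no domain names are hard-coded.

```powershell
# Added example (not from the lecture). Enumerate the forest, its domains and every
# trust, and flag the trust settings a security reviewer cares about.
# Assumes: RSAT ActiveDirectory module installed; run from a domain-joined session.
Import-Module ActiveDirectory

$forest = Get-ADForest
"Forest: {0}  Root domain: {1}  Domains: {2}" -f $forest.Name, $forest.RootDomain, ($forest.Domains -join ', ')

# One object per trust relationship. Direction is Inbound, Outbound or BiDirectional,
# i.e. the slide's "one-way / two-way". IntraForest trusts are the automatic ones
# between parent and child domains; the others cross the forest boundary.
$trusts = Get-ADTrust -Filter *
$trusts |
    Select-Object Name, Direction, TrustType, IntraForest, ForestTransitive,
                  SIDFilteringQuarantined, SIDFilteringForestAware, SelectiveAuthentication |
    Format-Table -AutoSize

foreach ($t in $trusts) {
    if ($t.IntraForest) { continue }   # inside the forest these settings do not apply

    # External (non-forest) trust with SID filtering ("quarantine") switched off:
    # a compromised admin in the trusted domain can put our SIDs into SID history
    # and be treated as a member of our groups.
    if (-not $t.ForestTransitive -and -not $t.SIDFilteringQuarantined) {
        Write-Warning ("Trust {0}: SID filtering is OFF on an external trust" -f $t.Name)
    }

    # Any trust that lets their users in (Inbound or BiDirectional) without selective
    # authentication gives every account over there "Authenticated Users" rights here.
    if ($t.Direction -ne 'Outbound' -and -not $t.SelectiveAuthentication) {
        Write-Warning ("Trust {0}: {1} access without selective authentication" -f $t.Name, $t.Direction)
    }
}
```

Run it on each domain in turn (`Get-ADTrust -Server otherdomain.example.com -Filter *`) because a trust is only listed from the side that holds the trust object.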
Active Directory and Users • Active Directory allows set up and management of domain users • Can also define domain groups, and make domain users members of domain groups • aids administration: rights are granted to groups, not to individual users • Group Policy Objects (the "policy files") can be set up • their settings are written into the user machine's registry during logon • this is what controls the user's desktop
Organisations, Organisational Units, and Domains • An organisation may: • have several locations • have several functions in same location • Alternative to multiple domains… • organisational units • group policy can be applied selectively
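Added example, not from the lecture slides, covering the two slides above: an organisational unit, a domain group and a domain user are created, and a Group Policy Object whose setting is a registry value is linked to that OU only, so the policy reaches the Finance users and nobody else in the domain. It assumes the RSAT ActiveDirectory and GroupPolicy modules and a Domain Admin session; the OU, group, user and GPO names are hypothetical.

```powershell
# Added example (not from the lecture). One OU, one group, one user, and a GPO
# whose setting is a registry value pushed to that OU only.
# Assumes: RSAT ActiveDirectory + GroupPolicy modules; Domain Admin rights.
# The OU/group/user/GPO names are hypothetical placeholders.
Import-Module ActiveDirectory, GroupPolicy

$domainDN = (Get-ADDomain).DistinguishedName      # e.g. DC=corp,DC=example,DC=com
$ouName   = 'Finance'
$ouDN     = "OU=$ouName,$domainDN"

# Organisational unit: the scope the policy will apply to, instead of a separate domain.
New-ADOrganizationalUnit -Name $ouName -Path $domainDN -ProtectedFromAccidentalDeletion $true

# A domain group, and a domain user placed in it. Rights go to the group, not the user.
New-ADGroup -Name 'Finance-Users' -GroupScope Global -Path $ouDN
New-ADUser -Name 'Alice Example' -SamAccountName 'alice' -Path $ouDN `
    -AccountPassword (Read-Host -AsSecureString 'Initial password for alice') `
    -ChangePasswordAtLogon $true -Enabled $true
Add-ADGroupMember -Identity 'Finance-Users' -Members 'alice'

# A GPO. Its setting is stored as a registry value; at logon the Group Policy client
# writes it into the user's HKCU hive, which is the "policy interacts with the registry" step.
$gpo = New-GPO -Name 'Finance-Desktop-Lockdown' -Comment 'Users may not change the wallpaper'
Set-GPRegistryValue -Name $gpo.DisplayName `
    -Key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop' `
    -ValueName 'NoChangingWallPaper' -Type DWord -Value 1 | Out-Null

# Link it to the OU only; other OUs in the same domain are untouched.
New-GPLink -Name $gpo.DisplayName -Target $ouDN -LinkEnabled Yes | Out-Null

# Verification on a client, after alice logs on (or after "gpupdate /force"):
#   Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop' -Name NoChangingWallPaper
# The value appears under ...\Policies\..., the branch ordinary users cannot write to,
# so the setting survives the user editing their own preferences.
```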
Active Directory and DNS • Active Directory aligns with Internet domain names • each domain in a Windows network tree has a unique DNS name • the DNS name does not resolve to "the domain's IP address" but to the addresses of its domain controllers, which also register SRV records (e.g. _ldap._tcp.dc._msdcs.<domain>) so that clients can locate a DC for logon • confusing the DNS zone layout with the AD domain layout is a common problem when setting up the domain structure!! • Each device within a domain also registers its own name and IP address in DNS…
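Added example, not from the lecture slides: how a client actually finds a domain controller through DNS, and a cross-check that every host DNS advertises as a DC is one the directory knows about. It assumes the DnsClient module (Windows 8 / Server 2012 and later) and, for the final check, the RSAT ActiveDirectory module; the domain name corp.example.com is a placeholder.

```powershell
# Added example (not from the lecture). DC location via DNS SRV records, and a check
# that the SRV targets are genuine DCs.
# Assumes: DnsClient module (Resolve-DnsName); RSAT ActiveDirectory for the last step.
# corp.example.com is a placeholder domain name.
Import-Module ActiveDirectory
$domain = 'corp.example.com'

# Clients do not look the domain up as a host; they ask for SRV records that list the DCs
# offering LDAP, Kerberos and the global catalogue.
$services = '_ldap._tcp.dc._msdcs', '_kerberos._tcp', '_gc._tcp'
$srv = foreach ($svc in $services) {
    Resolve-DnsName -Name "${svc}.${domain}" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |      # drop the A records returned alongside
        Select-Object @{n = 'Service'; e = { $svc }}, NameTarget, Port, Priority, Weight
}
$srv | Format-Table -AutoSize

# The bare domain name resolves too, to the address of every DC (Netlogon registers them).
# So "the domain's IP address" is really the set of DC addresses.
(Resolve-DnsName -Name $domain -Type A | Where-Object { $_.Type -eq 'A' }).IPAddress

# Cross-check: a host advertised in DNS as a DC that the directory does not list
# is either stale DNS or something pretending to be a DC.
$knownDCs = (Get-ADDomainController -Filter * -Server $domain).HostName
$srv | Where-Object { $knownDCs -notcontains $_.NameTarget.TrimEnd('.') } |
    ForEach-Object { Write-Warning ("{0} advertises {1}, which is not a known DC" -f $_.Service, $_.NameTarget) }
```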
Platforms at Client-end • Soon after Active Directory arrived… • improved Intel CPU/motherboard platform • Windows kernel became 64-bit • Windows 2003 Server 64-bit • Windows Vista, 7, etc all 64-bit option • Due to Microsoft’s disastrous (mis)launch of Vista just when smartphones were becoming popular… • Apple client platform became “Intel Inside” • chance to emerge and develop a good range of apps • ensured success of i-player & i-phone
Windows 2003 Server • Main difference at kernel level: • 64-bit option • 32-bit kernel unchanged… • Noteworthy extra functional enhancements: • GDI+ interface • Enhanced active directory • Group Policy management console (GPMC) • Replaced by Windows 2008 Server… • Microsoft withdrew support in 2015 (!)
BIOS Developments • Earlier motherboards had a single chip containing the BIOS on ROM and a writeable CMOS area for its settings • the BIOS ran in 16-bit real mode, with a primitive setup screen • More recent motherboards use EFI (Extensible Firmware Interface, now standardised as UEFI) • a 32- or 64-bit firmware environment with its own shell and drivers • only really exploited with Windows 7 and 2008 Server… • from about that time, vending machines etc. got fancier interfaces
More about booting to an Intel platform • The firmware "points" to the selected boot medium • on a BIOS machine the first sector of that medium holds the "master boot record" (MBR): boot code plus the partition table • the MBR code loads the boot sector of the active partition, which in turn loads the operating system's own boot loader • on a UEFI machine the firmware instead reads the boot loader from a FAT-formatted "EFI system partition" on a GPT disk • Different media are prepared in different ways • hard disk is still the conventional boot medium • several partitions, so a potential choice of bootable systems • CDs and USB sticks usually carry a single partition
Partitions, Hard Disks and Multiple Operating Systems • The MBR lives in sector 0 of the disk, outside any partition; the Windows system files usually sit on the first (C:) partition • possible to have different operating systems on the same hard disk… • varieties of Windows • varieties of Unix… • BUT… • the boot loaders differ (Windows Boot Manager vs. GRUB and friends), and each installer writes its own into the MBR or the EFI partition • so one loader has to chain-load the other, and a Windows re-install can overwrite the Unix loader • Still possible to have ONE Unix partition alongside Windows this way…
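Added example, not from the lecture slides: an inspection of how the machine in front of you boots (firmware type, Secure Boot, MBR versus GPT, which partition holds the boot code and which holds Windows, and what the boot manager offers), which is the quickest way to see that "the MBR is on C:" is not the general case. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the lecture). Report firmware type, Secure Boot state,
# partition style and boot/system partitions on the local machine.
# Assumes: elevated session, Windows 8 / Server 2012 or later (Storage module cmdlets).
#Requires -RunAsAdministrator

# 'UEFI' or 'Legacy' (BIOS), as reported by Windows itself.
$firmware = $env:firmware_type
"Firmware: $firmware"

if ($firmware -eq 'UEFI') {
    # Secure Boot only exists on UEFI; Confirm-SecureBootUEFI throws on a BIOS machine.
    "Secure Boot enabled: $(Confirm-SecureBootUEFI)"
} else {
    Write-Warning 'Legacy BIOS boot: no Secure Boot, so the MBR boot code is unverified.'
}

# Partition style per disk: MBR (boot sector + up to 4 primary partitions) or GPT (UEFI).
Get-Disk | Select-Object Number, FriendlyName, PartitionStyle, BootFromDisk | Format-Table -AutoSize

# IsSystem marks the partition carrying the boot loader, IsBoot the one carrying Windows.
# On a UEFI install the system partition is a small FAT32 EFI partition with no drive
# letter, and C: is the boot partition; the MBR itself is sector 0, outside all of them.
Get-Partition |
    Select-Object DiskNumber, PartitionNumber, DriveLetter, Type, IsSystem, IsBoot, IsActive, Size |
    Format-Table -AutoSize

# Every operating-system entry the boot manager offers (a second entry means multi-boot).
bcdedit /enum OSLOADER
```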
Logon • Once the operating system has been loaded… • user logon screen presented • Rapid local boot is fine… • but most organisational computers are on networks… • why? • why does network logon take so long?
Rapid Boot-up with Windows 7/8/10 (1) • Booting up to XP used to be really slow! Intention was to improve on this… • 32-bit colour animation appears at an early stage • drawn by the CPU into the frame buffer the firmware (EFI) provides • the graphics card's own driver is not yet loaded… • meanwhile, the operating system's kernel and critical device drivers are loading into memory in the background…
Rapid Boot-up with Windows 7/8/10 (2) • Early stage of boot process is i/o bound: • loading the kernel • device driver files • other system component files • Boot animation area limited to a centre of the screen (fewer pixels) • avoid i/o delay loading animation images during the early stage of boot…
Rapid Boot-up with Windows 7/8/10 (3) • Changes to the boot "architecture" compared to XP/Vista • animation can be displayed as the process moves along • contrast with Vista, where the "pearl" animation came on only after the boot sequence was complete… (!!!) • fewer transitions in graphics mode during initialisation of the graphics subsystem and Windows shell • again, cf. Vista, where the screen flashed black a few times… • Sound plays BEFORE user login starts…
BUT… • The user in an organisation then needs to log on… • Could be a long wait…endless loading of policy files… • subsequent re-configuration to accommodate settings into the local registry…
Backing up Active Directory • Goes without saying that the loss of Active Directory will be bad for the network • people won’t even be able to log on! • Should be backed up… regularly! • Back up to a different computer… • why?
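Added example, not from the lecture slides: a system-state backup of a domain controller written to another machine, followed by the check that answers "is this backup still usable?", since a backup older than the forest's tombstone lifetime cannot be safely restored. It assumes the Windows Server Backup feature is installed (Install-WindowsFeature Windows-Server-Backup) and the RSAT ActiveDirectory module is present; \\backup01\adbackup is a hypothetical share that only the backup account can write to.

```powershell
# Added example (not from the lecture). System-state backup of a DC to a remote share,
# then a check of backup age against the tombstone lifetime.
# Assumes: Windows Server Backup feature installed; ActiveDirectory module available;
# \\backup01\adbackup is a hypothetical share, writable only by the backup account.
#Requires -RunAsAdministrator
$target = '\\backup01\adbackup'

# System state = AD database (ntds.dit), SYSVOL, registry and boot files.
# A remote target means a dead disk or ransomware on the DC does not take the backup with it.
wbadmin start backup "-backupTarget:$target" -systemState -quiet
if ($LASTEXITCODE -ne 0) { throw "wbadmin failed with exit code $LASTEXITCODE" }

# The directory records when each naming context was last backed up.
repadmin /showbackup

# Tombstone lifetime: how long deletions are remembered. Restoring a backup older than
# this would resurrect objects every other DC has already forgotten, so it is the
# hard upper bound on a usable backup's age.
$rootDse   = Get-ADRootDSE
$dsConfig  = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
$tombstone = (Get-ADObject -Identity $dsConfig -Properties tombstoneLifetime).tombstoneLifetime
if (-not $tombstone) { $tombstone = 60 }   # attribute absent means the 60-day default of older forests

$last = (Get-WBSummary).LastSuccessfulBackupTime
$age  = (Get-Date) - $last
"Last successful backup {0:yyyy-MM-dd} ({1} days ago); tombstone lifetime {2} days" -f $last, [int]$age.TotalDays, $tombstone
if ($age.TotalDays -gt $tombstone) {
    Write-Warning 'Backup is older than the tombstone lifetime and cannot be restored safely; take a fresh one.'
}
```

Schedule this on more than one DC; the backup of a single DC is also the only copy of that DC's SYSVOL and, if it is the one holding the FSMO roles, of the forest's operational state.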
Microsoft TCP/IP stack • Differs from a UNIX TCP/IP installation in what ships with it: no FTP, SMTP or Telnet server daemons by default (the client utilities are there) • DNS available as a network service • Application layer components: • Windows Sockets (Winsock) - to interface with sockets-based applications • NetBT (NetBIOS over TCP/IP) - to interface with NetBIOS applications • SNMP, TCP, UDP, IP as with the Unix protocol stack
Configuring TCP/IP on Windows(client or server) • Requires local administrator access!! • Locate and bring up TCP/IP configuration screen • If DHCP (dynamic host configuration protocol) is running, IP addressing dealt with automatically by the DHCP server
TCP/IP Configuration (2) • Otherwise, three values must be added manually: • Local static machine IP address • Subnet mask • Default gateway
TCP/IP Configuration (3) • Local machine IP address • DHCP can assign IP addresses automatically from a Windows server (e.g. Windows 2000 Server) running the DHCP server service • Alternatively, a static IP address can be keyed in manually • Subnet mask: • a run of 1-bits marking the network part of the address, written in dotted form • normally 255.255.255.0 (a /24, 254 usable hosts) for small networks • 255.255.x.0 with x below 255 for larger networks • fewer 1-bits (x -> 0) as the network gets larger • Default gateway is the LAN-side IP address of the router through which traffic leaves the LAN (e.g. to the Internet)…
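Added example, not from the lecture slides: the three values from the slide applied to one adapter with the NetTCPIP cmdlets, plus the one-liner that hands the adapter back to DHCP. It assumes an elevated session on Windows 8 / Server 2012 or later; the addresses come from the documentation range 192.0.2.0/24 and are placeholders, and 'Ethernet' is the adapter alias Windows usually assigns.

```powershell
# Added example (not from the lecture). Static IPv4 configuration of one adapter,
# and the DHCP alternative.
# Assumes: elevated session; NetTCPIP module (Windows 8 / 2012+).
# 192.0.2.x addresses and the alias 'Ethernet' are placeholders.
#Requires -RunAsAdministrator

function ConvertTo-PrefixLength {
    # Dotted subnet mask -> CIDR prefix length; rejects non-contiguous masks such as 255.0.255.0.
    param([Parameter(Mandatory)][string]$SubnetMask)
    $bits = ([System.Net.IPAddress]::Parse($SubnetMask).GetAddressBytes() |
             ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') }) -join ''
    if ($bits -notmatch '^1*0*$') { throw "$SubnetMask is not a valid contiguous subnet mask" }
    return ($bits.ToCharArray() | Where-Object { $_ -eq '1' }).Count
}

$alias   = 'Ethernet'
$ip      = '192.0.2.10'
$mask    = '255.255.255.0'   # /24, the slide's "small network" case
$gateway = '192.0.2.1'       # LAN-side address of the router
$dns     = '192.0.2.5'       # on an AD network, normally a domain controller

# Static configuration: stop DHCP, clear what the adapter has, then assign.
Set-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4 -Dhcp Disabled
Get-NetIPAddress -InterfaceAlias $alias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Remove-NetRoute -InterfaceAlias $alias -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress -InterfaceAlias $alias -IPAddress $ip `
    -PrefixLength (ConvertTo-PrefixLength $mask) -DefaultGateway $gateway | Out-Null
Set-DnsClientServerAddress -InterfaceAlias $alias -ServerAddresses $dns

# DHCP instead (the "dealt with automatically" case):
#   Set-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4 -Dhcp Enabled
#   Set-DnsClientServerAddress -InterfaceAlias $alias -ResetServerAddresses

Get-NetIPConfiguration -InterfaceAlias $alias   # PowerShell's ipconfig
```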
Windows TCP/IP utilities • Located in the system32 directory • Not available from the GUI • Only accessible from the command prompt: • ping ("packet internet groper"; tests reachability of a remote IP address) • ftp • telnet • finger (retrieval of user/system information from a computer running TCP/IP and a finger server) • arp (displays the local cache of IP addresses and their equivalent MAC or "physical" addresses) • ipconfig (displays local IP configuration) • tracert (checks the route to a remote IP address)
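Added example, not from the lecture slides: the cmdlet equivalents of ping, tracert, arp and ipconfig, followed by a check that the arp command alone does not do for you: the same hardware address answering for several IP addresses, which is what ARP spoofing of the default gateway looks like in the neighbour cache. It assumes Windows 8 / Server 2012 or later; the host name is a placeholder.

```powershell
# Added example (not from the lecture). Modern equivalents of the classic utilities,
# plus an ARP-cache consistency check.
# Assumes: NetTCPIP module (Windows 8 / 2012+). dc1.corp.example.com is a placeholder.

Test-NetConnection -ComputerName 'dc1.corp.example.com' -InformationLevel Detailed   # ping, with route
Test-NetConnection -ComputerName 'dc1.corp.example.com' -TraceRoute                  # tracert
Test-NetConnection -ComputerName 'dc1.corp.example.com' -Port 389                    # TCP probe (LDAP)
Get-NetIPConfiguration                                                              # ipconfig

# ARP cache: Get-NetNeighbor replaces "arp -a". Broadcast (FF-FF-FF-...) and multicast
# (01-00-5E-...) entries legitimately share a MAC, so leave them out of the check.
$arp = Get-NetNeighbor -AddressFamily IPv4 -State Reachable, Stale, Permanent |
    Where-Object { $_.LinkLayerAddress -notmatch '^(FF-FF-FF|01-00-5E)' }
$arp | Select-Object InterfaceAlias, IPAddress, LinkLayerAddress, State | Format-Table -AutoSize

# On a healthy LAN each remaining MAC maps to one IP. One MAC claiming several IPs,
# especially the default gateway's, is the signature of ARP spoofing.
$gateways = (Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0').NextHop
$arp | Group-Object LinkLayerAddress | Where-Object Count -gt 1 | ForEach-Object {
    $ips  = $_.Group.IPAddress -join ', '
    $hit  = $_.Group.IPAddress | Where-Object { $gateways -contains $_ }
    $note = if ($hit) { ' (includes the default gateway)' } else { '' }
    Write-Warning ("MAC {0} answers for {1}{2}" -f $_.Name, $ips, $note)
}
```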
Remote Access Service • RAS also allows access to an NT network through routes such as: • PSTN • X.25 • ISDN • Uses the Point-to-Point Protocol (PPP) • remember that? • Also supports the PPP Multilink protocol, which allows several physical links to be combined into one logical connection
Remote Access Service • Also provides capability for VPNs (Virtual Private Networks) over the public Internet • using PPTP (Point-to-Point Tunnelling Protocol) • Standard username/password authentication still required for all remote logins • Caveat: PPTP authenticates with MS-CHAP, whose exchanges can be captured and cracked offline, and its MPPE session keys derive from the user's password; it is no longer considered secure, and current Windows RAS/VPN offers L2TP/IPsec, SSTP and IKEv2 instead • Can be used as a gateway for NetBIOS names or (using IPX) to remotely gain access to Novell NetWare services
RAS & Secure Remote Login • To log in remotely, a user must have a valid username/password and RAS dial-in permission • RAS can use "call back" security: • Server receives a remote request for access • Server drops the call and calls the remote client back • on a number pre-set by the administrator, which ties the connection to a known site; if the caller is allowed to supply the number, callback only saves the caller the phone bill • Login information is encrypted by default (challenge/response authentication, so the password itself is not sent) • All remote connections can be audited
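Added example, not from the lecture slides: the slide's PPTP remote-access link as a client profile on today's Windows, placed beside the profile that should replace it, followed by an audit of existing profiles. It assumes the VpnClient module (Windows 8 / Server 2012 and later); the server names are placeholders and the RAS server is assumed to accept IKEv2 with machine certificates.

```powershell
# Added example (not from the lecture). Weak PPTP profile beside its replacement,
# then an audit for leftover PPTP profiles.
# Assumes: VpnClient module (Windows 8 / 2012+); ras.example.com / vpn.example.com are
# placeholders; the server side supports IKEv2 with machine certificates.

# Weak: PPTP with MS-CHAPv2. The MPPE keys are derived from the password hash and a
# captured MS-CHAPv2 handshake can be cracked offline, so "encrypted by default"
# no longer means confidential.
Add-VpnConnection -Name 'Legacy-RAS' -ServerAddress 'ras.example.com' `
    -TunnelType Pptp -AuthenticationMethod MSChapv2 -EncryptionLevel Required

# Corrected: IKEv2 with machine certificates (mutual authentication, no password on
# the wire), maximum encryption, no split tunnelling so the client cannot bridge the
# Internet into the LAN, and no cached credential on the laptop.
Add-VpnConnection -Name 'Corp-VPN' -ServerAddress 'vpn.example.com' `
    -TunnelType Ikev2 -AuthenticationMethod MachineCertificate -EncryptionLevel Maximum `
    -SplitTunneling:$false -RememberCredential:$false

# Audit what the machine already has; any PPTP profile is a finding.
Get-VpnConnection |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel, SplitTunneling |
    Format-Table -AutoSize
Get-VpnConnection | Where-Object TunnelType -eq 'Pptp' |
    ForEach-Object { Write-Warning ("{0} still uses PPTP; migrate it" -f $_.Name) }
```

The profile is only half of it: on the RAS/NPS side the PPTP port type and MS-CHAP should be disabled so a client cannot fall back to them.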
Internet Information Server (IIS) • Microsoft’s Web Server • can also provide ftp or smtp publishing service • Purpose: • make html pages available: • as a local www service • across the network as an Intranet • across trusted external users/domains as an Extranet • run server-scripts in communication with client browsers • Sets up its own directory structure for developing Intranets, Extranets, etc. • Access to any IIS service can be restricted using username/password security
IIS (2) • Can allow anonymous remote login: • uses a dedicated low-privilege "guest" account (IUSR_<machine> on classic IIS, IUSR since IIS 7) with access only to the files that make up the intranet • anonymous access means no real user account is exposed to password guessing through the web server • Provides the server-side interface (scripts, CGI) that connects browser clients to Internet applications
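Added example, not from the lecture slides: two IIS sites configured the way the two slides describe, an intranet served anonymously under the least-privilege IUSR identity with read-only NTFS rights, and an extranet that refuses anonymous and Basic authentication and requires Windows authentication over TLS. It assumes IIS 7 or later with the WebAdministration module and an elevated session; the site names, content path and the existence of an HTTPS binding on the extranet are assumptions.

```powershell
# Added example (not from the lecture). Anonymous intranet site with least privilege,
# authenticated extranet site over TLS.
# Assumes: IIS 7+ with WebAdministration; elevated session; sites named 'Intranet' and
# 'Extranet' already exist and the extranet has an HTTPS binding (placeholders).
#Requires -RunAsAdministrator
Import-Module WebAdministration

$intranet = 'Intranet'
$extranet = 'Extranet'

# Authentication sections are locked at site level, so write them as <location> entries
# from the server root (-PSPath 'IIS:\' -Location <site>).
function Set-SiteAuth {
    param([string]$Site, [string]$Scheme, [bool]$Enabled)
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $Site `
        -Filter "system.webServer/security/authentication/$Scheme" -Name enabled -Value $Enabled
}

# Intranet: anonymous only. Requests run as IUSR, which has no password to guess and
# sees only what NTFS lets it see.
Set-SiteAuth -Site $intranet -Scheme anonymousAuthentication -Enabled $true
Set-SiteAuth -Site $intranet -Scheme windowsAuthentication   -Enabled $false
Set-SiteAuth -Site $intranet -Scheme basicAuthentication     -Enabled $false

# Read-only content for IUSR: whatever it can write, an attacker who finds an upload or
# path-traversal bug can write too.
$root = (Get-Item "IIS:\Sites\$intranet").PhysicalPath
icacls $root /inheritance:r /grant:r 'IUSR:(OI)(CI)RX' 'SYSTEM:(OI)(CI)F' 'Administrators:(OI)(CI)F'

# Extranet (trusted external users/domains): no anonymous access, Windows authentication
# only. Basic auth is off because it sends the password merely base64-encoded.
Set-SiteAuth -Site $extranet -Scheme anonymousAuthentication -Enabled $false
Set-SiteAuth -Site $extranet -Scheme basicAuthentication     -Enabled $false
Set-SiteAuth -Site $extranet -Scheme windowsAuthentication   -Enabled $true

# Require TLS so credentials and content never cross the wire in clear.
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $extranet `
    -Filter 'system.webServer/security/access' -Name sslFlags -Value 'Ssl'

# Verify.
foreach ($site in $intranet, $extranet) {
    foreach ($scheme in 'anonymousAuthentication', 'basicAuthentication', 'windowsAuthentication') {
        $v = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $site `
                 -Filter "system.webServer/security/authentication/$scheme" -Name enabled
        "{0,-9} {1,-24} {2}" -f $site, $scheme, $v.Value
    }
}
```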
Terminal Services • Allows any PC running Windows to remotely operate a Windows server • a copy of the server's desktop is displayed on the client machine; the programs themselves run on the server • Client tools must be installed first, but the link can run on very little bandwidth • possible to remotely manage a server thousands of miles away over a phone connection… • Cloud services, "Back to the future" (!)
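Added example, not from the lecture slides: enabling Remote Desktop (the successor of Terminal Services) on a server through the registry values the GUI itself sets, with the hardening a reviewer would expect before the port is opened: Network Level Authentication, TLS on the RDP channel, a firewall rule limited to the Remote Desktop group, and membership restricted to a named group. It assumes an elevated session on Windows Server 2016 / Windows 10 or later (for the LocalAccounts cmdlets); the group CORP\ServerAdmins is a placeholder.

```powershell
# Added example (not from the lecture). Enable Remote Desktop with NLA and TLS via the
# registry values Windows uses, open the firewall for it, and limit who may connect.
# Assumes: elevated session; Windows Server 2016 / Windows 10+ (Add-LocalGroupMember).
# CORP\ServerAdmins is a placeholder group name.
#Requires -RunAsAdministrator
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"

# 0 = allow connections. This is the value the "Allow remote connections" checkbox flips.
Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 0

# Network Level Authentication: the client authenticates before a session (and its logon
# screen) is created, removing the pre-authentication attack surface of classic RDP.
Set-ItemProperty -Path $rdp -Name UserAuthentication -Value 1

# SecurityLayer 2 = TLS for the RDP channel; MinEncryptionLevel 3 = "High" (128-bit).
Set-ItemProperty -Path $rdp -Name SecurityLayer -Value 2
Set-ItemProperty -Path $rdp -Name MinEncryptionLevel -Value 3

# Firewall: only the built-in Remote Desktop rule group, nothing wider.
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Who may connect: a named admin group, never "Everyone" or "Domain Users".
Add-LocalGroupMember -Group 'Remote Desktop Users' -Member 'CORP\ServerAdmins'

# Verify the resulting state.
Get-ItemProperty -Path $ts  -Name fDenyTSConnections
Get-ItemProperty -Path $rdp -Name UserAuthentication, SecurityLayer, MinEncryptionLevel
Get-LocalGroupMember -Group 'Remote Desktop Users'
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Select-Object DisplayName, Enabled, Profile
```

Restrict the firewall rule further to the management network (`Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress <subnet>`) rather than leaving TCP 3389 reachable from anywhere, which is how most RDP compromises start.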