TABLE OF CONTENTS

(c) S.T.E.P.S. Publishing

TABLE OF CONTENTS

1. AN OVERVIEW OF ADMINISTRATIVE TOOLS IN WINDOWS 2000 SERVER 1

1.1 OVERVIEW 1

1.2 STARTING WINDOWS 2000 ADMINISTRATIVE TOOLS 1

1.3 ACTIVE DIRECTORY DOMAINS AND TRUSTS 2

1.4 ACTIVE DIRECTORY SITES AND SERVICES 3

1.5 ACTIVE DIRECTORY USERS AND COMPUTERS 3

1.6 COMPONENT SERVICES 3

1.7 COMPUTER MANAGEMENT 4

1.8 CONFIGURE YOUR SERVER 5

1.9 CONNECTION MANAGER ADMINISTRATION KIT 6

1.10 ODBC DATA SOURCE ADMINISTRATOR 7

1.11 DHCP (DYNAMIC HOST CONFIGURATION PROTOCOL) 7

1.12 DISTRIBUTED FILE SYSTEM 8

1.13 DNS (DOMAIN NAME SYSTEM) 8

1.14 DOMAIN CONTROLLER SECURITY POLICY 9

1.15 DOMAIN SECURITY POLICY 9

1.16 EVENT VIEWER 10

1.17 INTERNET AUTHENTICATION SERVICE 11

1.18 INTERNET INFORMATION SERVICES 12

1.19 LICENSING 12

1.20 LOCAL SECURITY SETTINGS 13

1.21 NETWORK MONITOR 13

1.22 PERFORMANCE MONITOR 14

1.23 QOS ADMISSION CONTROL 14

1.24 REMOTE STORAGE 15

1.25 ROUTING AND REMOTE ACCESS 16

1.26 SERVER EXTENSIONS 16

1.27 SERVICES 17

1.28 TELNET SERVER ADMINISTRATION 18

1.29 TERMINAL SERVICES CLIENT CREATOR 18

1.30 TERMINAL SERVICES CONFIGURATION 18

1.31 TERMINAL SERVICES LICENSING 19

1.32 TERMINAL SERVICES MANAGER 19

1.33 WINDOWS MEDIA PERFORMANCE 21

1.34 WINDOWS MEDIA ADMINISTRATOR 21

1.35 WINS (WINDOWS INTERNET NAME SERVICE) 22

2. SYSTEM PROPERTIES ON WINDOWS 2000 SERVERS 23

2.1 OVERVIEW 23

2.2 INTRODUCTION TO SYSTEM PROPERTIES 23

2.3 NETWORK IDENTIFICATION 24

2.4 HARDWARE 25

2.4.1 Configuring Devices 30

2.4.2 Driver Signing 31

2.4.3 Hardware Wizard 32

2.4.4 Hardware Profiles 33

2.5 USER PROFILES 34

2.6 ADVANCED 35

2.6.1 ENVIRONMENT VARIABLES 37

2.6.2 STARTUP AND RECOVERY 38

3. BUILD-IN DISASTER RECOVERY FEATURES AND TOOLS IN WINDOWS 2000 SERVER 40

3.1 OVERVIEW 40

3.2 SAFE MODE 40

3.2.1 Safe Mode Options 40

3.3 EMERGENCY REPAIR DISK 42

3.4 RECOVERY CONSOLE 42

3.4.1 To install the Recovery Console as a startup option 43

3.4.2 Recovery Console Commands 44

3.4.3 Creating Windows 2000 Boot Disks 46

3.5 WINDOWS 2000 BACKUP AND RESTORE 47

3.5.1 INTRODUCING WINDOWS 2000 BACKUP PROGRAM 47

3.5.2 Welcome Tab 47

3.5.3 Backup Tab 48

3.5.4 Restore Tab 49

3.5.5 Scheduled Jobs Tab 49

3.5.6 Backing up a Folder 49

3.6 RESTORING FROM A BACKUP 54

4. ACTIVE DIRECTORY 60

4.1 ADVANTAGES OF ACTIVE DIRECTORY 60

4.2 INSTALLATION REQUIREMENTS FOR ACTIVE DIRECTORY 60

4.2.1 How to start the Active Directory Domains and Trusts snap-in 61

4.3 UNDERSTANDING DOMAINS 62

4.3.1 Domain Naming 63

4.3.2 Benefits of Domains 63

4.3.3 Understanding Trust Relationships Amongst Domains 64

4.4 DOMAIN MODES 65

4.5 CREATING OBJECTS IN ACTIVE DIRECTORY 66

4.6 ORGANISATIONAL UNITS 67

4.7 CREATING A NEW USER ACCOUNT 68

4.8 ACTIVE DIRECTORY CLIENTS 69

4.8.1 Locating a domain controller 69

5. DNS 70

5.1 OVERVIEW 70

5.2 INSTALLING DNS 70

5.2.1 Configuring the DNS domain name of a computer 72

5.2.2 Creating a standard primary DNS zone 73

5.2.3 Configuring the forward and reverse lookup zones to allow dynamic update. 74

5.2.4 Testing DNS Server Service 74

5.2.5 Creating Active Directory Integrated Zones 75

5.2.6 Converting Existing Zones to Active Directory Integrated Zone 76

6. GROUP POLICIES 77

6.1 GROUPS OVERVIEW 77

6.2 GROUP POLICIES 78

6.3 HOW AND WHEN GROUP POLICY IS APPLIED 78

6.3.1 User and computer policy 78

6.3.2 The Order of application 79

6.3.3 Blocking policy inheritance 79

6.3.4 Group Policy Administrative Requirements 79

6.3.5 Enforcing policy from above 80

6.4 DEFAULT PERMISSIONS FOR GROUP POLICY OBJECTS 80

6.5 DELEGATING CONTROL OF GROUP POLICY 81

6.6 HOW TO SET READ AND WRITE PERMISSIONS FOR GROUP POLICY 81

7. KERBEROS 82

7.1 A COMPARISON OF NTLM AND KERBEROS AND ADVANTAGES OF KERBEROS AUTHENTICATION 82

7.2 NTLM AUTHENTICATION 84

7.3 SETTING KERBEROS POLICY 85

7.4 MAJOR DIFFERENCES BETWEEN WINDOWS 2000'S ACTIVE DIRECTORY AND WINDOWS NT'S DIRECTORY 88

8. REMOTE STORAGE 90

8.1 OVERVIEW 90

8.2 SETTING UP REMOTE STORAGE SERVICE 91

8.3 USING WINDOWS 2000 BACKUP TO RESTORE FILES FROM REMOTE STORAGE 97

8.4 BACKING UP REMOTE STORAGE FILES 98

9. TELNET SERVER 101

9.1 OVERVIEW 101

9.2 TELNET AUTHENTICATION METHODS 101

9.2.1 Set the Telnet SERVER to use only NTLM authentication 101

9.2.2 Setting the Telnet CLIENT to use only NTLM authentication 102

9.3 USING TELNET 103

10. DISTRIBUTED FILE SYSTEM (DFS) 107

10.1 OVERVIEW 107

10.2 DFS TYPES 107

10.3 ADVANTAGES OF DFS 108

10.4 EASY ACCESS TO FILES 108

10.4.1 Server load balancing 109

10.4.2 Availability 109

10.5 REASONS FOR USING DFS IN A NETWORK 109

10.6 SECURITY ASPECT OF DISTRIBUTED FILE SYSTEM 110

10.7 PLATFORM COMPATIBILITY 110

10.8 ADDING A DFS LINK 113

10.9 ADDING A DFS SHARED FOLDER 114

10.10 CONFIGURING REPLICATION OF DFS 115

10.10.1 Replicating a Dfs root 115

10.10.2 Replicating a Dfs shared folder 116

10.11 CHECKING DFS SHARED FOLDER STATUS 117

11. DHCP (DYNAMIC HOST CONFIGURATION PROTOCOL) 121

11.1 DHCP CONCEPTS AND TERMINOLOGY 121

11.1.1 Scope 121

11.1.2 Superscope 121

11.1.3 Exclusion range 121

11.1.4 Address Pool 121

11.1.5 Lease 122

11.1.6 Reservation 122

11.1.7 Option Types 122

11.1.8 Options Class 122

11.2 BENEFITS OF DHCP SERVERS 123

11.3 HOW CLIENTS USE DHCP SERVERS 123

11.4 HOW DHCP SERVERS PROVIDE OPTIONAL DATA 123

11.5 INSTALLING DHCP SERVER 124

11.6 CREATING A SCOPE 124

11.6.1 Enabling DNS dynamic updates for clients 126

11.6.2 Verifying, release, or renew a client address lease 126

11.6.3 Activating a scope 127

11.7 SUPERSCOPES 128

11.7.1 Creating Superscopes 129

11.8 DHCP OPTIONS 129

11.8.1 How options are applied 129

11.8.2 Commonly used options 130

11.9 MICROSOFT DHCP CLIENTS 131

11.10 TROUBLESHOOTING DHCP 131

11.10.1 Server Related Problems 131

11.10.2 Client Related Problems 132

11.11 ANALYSING SERVER LOG FILES 133

11.11.1 DHCP server log file format 133

11.11.2 DHCP server log: Common event codes 134

11.11.3 DHCP server logs: Server authorisation events 134

12. DELEGATING ADMINISTRATION IN WINDOWS 2000 SERVER ENVIRONMENT 137

13. ADVANCED PRINTING 139

13.1 WEB BASED PRINTING 139

13.2 VIEWING DOCUMENT LIST VIA A WEB BROWSER 140

13.3 VIEWING ALL PRINTERS VIA A WEB BROWSER 141

13.4 PRINTER PROPERTIES VIA BROWSERS 142

14. TCP/IP UTILITIES 143

14.1 CONNECTIVITY UTILITIES 143

14.1.1 FTP 143

14.1.2 LPR 143

14.1.3 RCP 144

14.1.4 REXEC 144

14.1.5 RSH 145

14.1.6 TELNET 145

14.1.7 TFTP 146

14.2 DIAGNOSTIC UTILITIES 146

14.2.1 ARP 146

14.2.2 HOSTNAME 147

14.2.3 IPCONFIG 148

14.2.4 LPQ 148

14.2.5 NBTSTAT 149

14.2.6 NETSTAT 150

14.2.7 NSLOOKUP 151

14.2.8 PING 151

14.2.9 ROUTE 152

14.2.10 TRACERT 153

14.2.11 PATHPING 154

14.3 SERVER BASED SOFTWARE 154

14.3.1 TCP/IP PRINTING SERVICE 154

14.3.2 INTERNET INFORMATION SERVICES 155

14.3.3 PEER WEB SERVICES 155

15. INSTALLING AND CONFIGURING WEB & FTP ON WINDOWS 2000 SERVER 156

15.1 INSTALLING IIS ON WINDOWS 2000 SERVER 156

15.1.1 Testing Your IIS Installation 157

15.2 CONFIGURING IIS 157

15.3 CREATING AN FTP SERVER 163

15.4 CREATING A WEB SERVER 166

15.5 CREATING A VIRTUAL DIRECTORY 170

15.5.1 FrontPage Server Extensions 173

16. APPENDIX 174

16.1 FAQ OF WINDOWS 2000 SERVERS 174

16.1.1 HOW CAN I ENABLE INTERNET CONNECTION SHARING ON A NETWORK CONNECTION 174

16.1.2 HOW CAN I SCHEDULE TASKS? 174

16.1.3 WHAT IS WINDOWS INSTALLER? 174

16.1.4 WHAT ARE SECURITY TEMPLATES AND HOW CAN I VIEW THEM? 176

16.1.5 WHAT'S NEW IN WINDOWS 2000 OR DIFFERENT FROM MS-DOS COMMANDS? 177

Windows 2000 Server Advanced Topics: Step by Step Guide

40960

(c) S.T.E.P.S Consulting Pty. Ltd. Page 5