
-1 ..... 3
..... 10
-2 winXP
-3 Xp ..... 19
-4 Sysprep ..... 22
-5 Group Policy ..... 36
-6 Group Policy ..... 44
-7 Group Policy ..... 52
-8 ..... 58
-9 ..... 64
-10 Scripts ..... 75
-11 dns ..... 79
-11 Dynamic Disk ..... 94
-12 group policy ..... 95
-13 ..... 100
-14 (windows XP) ..... 101
-15 Client Remote Access Server ..... 108
-16 USB Devices ..... 107
-17 Shadow Copies 2003 ..... 134
-18 Web Server IIS 6.0 ..... 151
-19 Distributed File System ..... 164
-20 Html 2003 ..... 196
-21 Active Directory Sites and Services ..... 208
-22 (Additional Domain Controller) Replicate ..... 232
-23 Additional Account Info Active Directory ..... 246
-24 Isa Server 2006 ..... 252
-25 Cache ISA ..... 277
-26 Internet Security And Acceleration Server 2004 ..... 286
-27 ..... 304
-28 configure Http ..... 332
-29 ..... 344
-30 ToolBox ISA 2004 ..... 355
-31 ** Isa2004 ..... 373
-32 Cache ..... 381
-33 ISA Server ..... 385
-34 ..... 388
-35 ftp ..... 396
-36 VPN ..... 403
-37 Domain Trusts, Child Domains and Additional Domain Controller ..... 413
-38 MMC AUTHOR MODE ..... 420
-39 ..... 430
-40 Routing and Remote Access ..... 437



5
..



.
%100
Windows XP Professional

1 :


2 :

: 3

winXP
!!
XP


IP ....

10

11

12

13

14

15

16

17

18

Proceed
Guest

XP

19

Xp ...

XP

.. ( .... ))
.
... :: 1 ::
( ) :.
1 // ) ( CDXP .
2 // support tools ...
support tools .
3 // DEPLOY.CAB ... ...
(( Extract-
)) . winzip
4 // ... ((
)) setupmgr.exe
.

:.
1 setupmgr.exe 20

((
DEPLOY.CAB ))
((
)) . 3
2 setupmgr.exe 2000 XP ... (( .))
5 // setupmgr.exe ....
) ( wizard
((
....
))
1. unattend.txt
2. unattend.bat

21


1 unattend.txt unattend.bat unattend.txt winnt.sif

<<< >>> unattend.txt /// winnt.sif /// unattend.bat
..
6 // .
....
DEPLOY.CAB
deploy.chm
XP ...
CD-ROM

22


Sysprep
Sysprep
-1 20
office
, nero , antivirus , ..

20
-2
..
sysprep

Norton ghost

( )
: sysprep hardware
slots
:
1- Microsoft Sysprep Tool
2- Disk imaging software (Norton ghost)
:
software
multiple user setup
Device Manager

IDE controllers IDE Standard

23

Standard Intel

24

25

26

27

Standard IDE controller

SUPPORT \ TOOLS
DEPLOY.CAB

28

Sysprep root \ C:
DEPLOY setupmgr.exe

29

30

31



license network
settings finish

32

33

cancel

sysprep.inf
34

i386

sysprep.exe

35

Factory
shutdown
Norton
ghost

36

Reseal

37

(Group Policy)
(Group Policy) ,

.



,
.
,
.
:
1 (Group Policy) .
2 (Group Policy) .

(Group Policy) (
,
) ,

Client .
(Group Policy)
, 2000 2000 .
(Group Policy)
,
.
(
)

38

,
2000 2000 XP
, 2003
,
(
)

39

XP
, 2000 2003

2000 XP .

40

:
(Group Policy)
, .
(Group Policy)

, , Setting
Supported On
.

41

Extended
.

( )

42


,
.
( )

43

(Group Policy) ,
,
:
Group Policy
gpmc

Firewall ,
NetBIOS .
:
44

Windows Server
2003 Enterprise Edition SP1 .

45

(Group Policy)

:-
( )...... . . . . .



OU



1 OU2 OU OU
3- Group Policy

46

Edit

Enable
.

47




:-


1-

48


" "Active desktop:-

""Enabled

49

(Internet Explorer)
.



:-

50



.
Computer configuration

51



( , )
User Configuration > Administrative Templates > System

Don't run specified Windows applications


enable show add

52

, system32 okok


Group Policy
53

OU
OU
...
OU
OU .
OU

...
Active Directory Users & Computers ( ...
! )

54

55

Deny
Apply Group Policy
...

56


(gpmc) ..
57

...
Group Policy OU
.
Delegation
Advanced ..

Deny Apply Group Policy

58

..

59

[][] (
!) [][]
group policy
xp 2000
start run
gpedit.msc ok

c d ..

..
administrator ..



..
..
enabled disabled
:


...
.
60

...
1- ..

2-

61

3- ( c: )

62

4- () .

63

5- .

64

OU Windows Firewall /
Group Policy
Windows Firewall : Protect all network Connections
:
:
Computer Configuration > Administrative Templates >
Network > Windows Firewall > Windows Firewall : Protect
all network Connections

Disabled

65

workgroup? domain

domain group policy ou group
policy
user configuration windows settings internet
explorer maintenance security security
zones and content rating
import the current security modify trust sites
, restricted sites
locally run
gpedit.msc

run
gpupdate /force,


.

Disable sActive Directory


snap-in
: OU Administrators
group Group Policy Object :
:
User Configuration -> Administrative Templates ->
Windows Components -> Microsoft Management Console
-> Restricted/Permitted snap-ins

Disable

66

-1 > > Run services.msc , Remote


Registry
Properties Disable OK :

-2 ,
Administrator Guest .
Administrator .
:

67

3 , ( ) ( ).
( )
:

68

69

70

( )
.
- 6 Properties My Computer ()
:

71

5 > > Run gpedit.msc WindowsSettings security settings :

72

-6 .
,
,

:
: ,
:
PC1 :

73

.
: > > Run regedt32.exe :

74

, .
: My Computer () Management
:

75

.

,
Net school.
Program File .
, ,
.

76

Scripts ..
( ) , , , !!!

Logon/Logout
Scripts

Startup/Shutdown
Scripts

Logon
Script

( GPO ) ..
!!!

Profile ( ) ..
!!!

.
- -

Logon Script ..

*
1 : /XP 2000 .. :
Computer Management\Local Users And
Groups\Users\{UserName}\Properties\Profile

77

/ /
..
( .. Schedule /

).

2 : Domain .. :Active Directory Users and


Groups\{DomainName}\Users\{UserName}\Properties\Profile

/ ..
Logon
Script.

* / Site Domain OU Sub-OU
Local GPO .. " " ..
Scripts (Startup/Shutdown) / .

.. ..
.. :
78

Policy_name Policy/Computer Configuration/Windows Settings/Scripts (Startup/Shutdown)

..

Startup ,

.
/

Scripts (Logon/Logoff)
.. :
Policy_name Policy/User Configuration/Windows Settings/Scripts (Logon/Logoff)

79


.. / .

: / :

%SystemRoot%\system32\GroupPolicy\Machine\Scripts\{Logon/Logoff}
%SystemRoot%\system32\GroupPolicy\User\Scripts\{Logon/Logoff}
: :

%SystemRoot%\SYSVOL\sysvol\<DOMAIN>\Policies\<GUID>\USER\Scripts\{Logon/Logoff}
%SystemRoot%\SYSVOL\sysvol\<DOMAIN>\Policies\<GUID>\MACHINE\Scripts\{Startup/Shutdown}
: Logon Script :

\\{ComputerName}\NetLogon\

80

Dns

IIS 6.0
IP:
-1
Folder Site
Publish hi.html ..

-2 IIS New Web Site..

81

-3 Wizard Next
..

-4 IP Next..

82

-5 Browse Folder
..

83

-6 Permission
Read Finish..

84

-7 Web Site Properties


..

85

-8 Documents Add
Folder hi.html OK ..

86

-9 http://192.168.0.1
..

87

-10 Name Resolving .. DNS


Zone Cname:

88

Record IP:

89

-11 www.security.com ..

90

12- ..

:
( )4 IP Web site..- ( )10 Name Resolving

91

-1 DNS NEW Primary Zone



nemo.com..

-2 New Record:

92

-3 Ping..

93

-4 www.nemo.com ..

94

Dynamic Disk

2000 XP
Administrative Tools Computer Management
Disk Management
:
1- simple .
2- spanned
.
3- striped
( )
.
4- mirrored
.
5- RAID5
ECC

.
FAT32 NTFS


Convert to Dynamic Disk
.

.
(
Universal Serial Bus (USB)
( IEEE 1394 ) FireWire SCSI
). SCSI
,

group policy
95

2000 .

CD Rom .
.
.
gpedit.msc run
.
Local Computer Policy

Computer Configuration .
User Configuration .
.
Computer Configuration
.
Software Settings
Windows Settings
Administrative Templates
User Configuration
Computer Configuration
Software Settings
Windows Settings
Administrative Templates

Computer Configuration

.
User Configuration
.

96

Computer Configuration User Configuration.

.

.
Software Settings

.
Computer Configuration


.




User Configuration

Computer Configuration
.

Windows Settings

script ( startup/shutdown )

.
startup
shutdown
Computer Configuration
User Configuration

97

.
startup add
.

security setting

.
.
account policies
.

Password policy
Account lockout policy
Password policy

1- Enforce password history




.
: 24
2 dhorizono

.

.

2- Minimum password age



.

98

: 998
2
.
.
:
.

3- Maximum password age


.
: 998
2 .
.

4- Minimum password length



.
: 14
.
.

5- Passwords must meet complexity requirements of the installed


password filter

* & $ #
.
:
enabled disabled .

6- Store password using reversible encryption for all users in the


domain
.

.

99

.
:
.
.



100

Remote Desktop
Remote Desktop
Remote Desktop Users group
Domain controller
Domain controller policy
Domain controllers OU
:

computer settings - windows settings - security settings - local policies - user rights assignment - allow logon through terminal services
Remote Desktop Users group
Run
gpupdate /force

(windows XP)

performance and maintenance . control panel 1: administrative tools 2active directory users and -computer management
101

computers .
-local security policy .
-event viewer .
-performance .
-component services .
-services .
-data sources (ODBC) .
--------------------------------------------------------------## (local security policy):-
__________________________________________
1 ) (local security policy account policies,local policies,public key policies,software restriction
policies and IP security policies on local computer).
:
hackers .
2 (account policies): (password policy):
.. (enforce password history): (right
)click (properties).. (do not keep password
)history ....
password ( )5
) (hackers
... !!!
.
( )0 .
(maximum password age): ) (right click
(properties).. ) (password will expire in
.... password
( )34 password ()34

password ..
(my computer\control panel\performance and maintenance\administrative tools\computer management)
password
102

(forever). (minimum password age): (right


)click (properties).. (password can be changed
)immediately ....
password ( )1
password ( )34
) (maximum password age
hackers
password ) (trusted system
.
(minimum password length): ) (right click
(properties).. ) (no password required
.... password
( :)0
password ( )1
password ( ) 2

.. . (password must meet
complexity requirements): ) (right click
(properties).. ) (enabled ) (disabled ...
password :
password .
hacker
.. !!!!
) (disabled .. . (store
password using reversible encryption for all users in the domain):
) (right click (properties).. ) (enabled
) (disabled ... ) (network
) (server ) (hosts (clients).
) (administrative tools


(disabled).
(account lockout policy):
(account lockout duration): ) (right click
103

(properties)..
: ) (account ) (user
) (username ) (lockout ) (policy
account
user .. ) (user
:
. .
(account lockout threshold): ) (right click
(properties).. ) (account will not lockout
....
) (password password
( )4 (invalid logon
)attempts ( )4
. hackers

.. (
!!!!!!!!!) . (reset account lockout counter after):
) (right click (properties)..
) (users
) (user ) (remote access

.
3 (local policies): (audit policy):
:
1-(audit account logon events): ) (right click
(properties).. (audit these attempts)..
)(success ) (failure (audit)..
(NETWORK):
) (auditor
(audit).. ) (audit
) (the TRUSTED USER
.. (audit
)account logon events
104

) (SERVER
(auditing) ..
server hosts ) (administrator ) (server
) (server ) (success ) (access ) (client
) (host ) (failure(success).
2-(audit policy change): ) (right click (properties)..
(audit these attempts).. ) (success ) (failure
( user
account policy !!!!!!!!!!!!!!!
.
.
) (user rights assignment
.. :
:
1-(access this computer from the network): ) (right click
(properties)..
): (add user or group (remove).. (access
)this computer from the network (
network ) : (users-
) administrators-everyone-backup operators-power users-guest
: ) (add user or group
.. .
2-(deny access to this computer from the network): )(right click
(properties)..
): (add user or group (remove)..
)(deny access to this computer from the network (
network ) :
)(users-administrators-everyone-backup operators-power users-guest
: ) (add user or group
.. .
3-(force shutdown from a remote system): ) (right click
(properties)..
): (add user or group (remove).. (access
this computer from the network).. (
105

(remote
) access system ) (registry (
) : ) (search ) (blackcode (registry).
4 : ) (right click ) (my computer (properties). (remote).. . (advanced).. . (allow this computer to be controlled remotely).
() . ) (RUN ) (username ) (password

hackers ) (administrative tools
. . .
xp

xp run

1- cleanmgr.exe .
2- cmd.exe
3- dxdiag.exe direct X .
4- regedt32.exe .
5- taskmgr.exe ( Ctrl+Alt+Del ).
6- certmgr.msc certificates .

106

7- ciadv.msc xp .
8- compmgmt.msc .
9- diskmgmt.msc
.
10 - devmgmt.msc device manager .
11- dfrg.msc .
12- eventvwr.msc event viewer .
13- fsmgmt.msc shared folders .
14 - gpedit.msc group policy
.
15- lusrmgr.msc local users and

groups
16 - ntmsmgr.msc .
17 - perfmon.msc .
18- secpol.msc xp .
19 - services.msc services
.

107

20 - rsop.msc ( Resultant set of policies )
21- mmc Microsoft Management Console
Admin

Client
Remote Access Server
Remote Access
Client
..
Network Connections ...
Start>settings>network Connections

108

Create a new Connection ..

109

Next

110


VPN Dial-up

111

Dial-up
VPN
Dial-up
server ..
VPN Next

112

...NEXT

IP
VPN IP Public IP Address
...

113

IP NEXT

finish

114

Network Connections
ArabsGate VPN ....

ArabsGate
Connect

115

Username & Password

116

117

(
USB Devices





Flash Memory External HDD
USB
USB
Removable Devices

Group Policy Management Console
:

http://download.microsoft.com/downl...8b5bb7/gpmc.msi

Administrative template
USB

:

http://www.petri.co.il/software/usb..._drives_adm.zip

setup for the group policy management console

118

119

120

setup

121

run gpmc.msc

122

123

124

Edit

125

Administrative Template Add / Remove

126

Add

127

Administrative Template

128

129

Template Custom Policy Settings


View Filtering

130

only show policy settings that can be fully managed

131

Disable USB Removable Device

132

133

group policy
management console
Active Directory OU

134



Shadow Copies 2003

2003 (
)VSS ( Volume Shadow Copy Service) .

,
.


,

.

,

.
2003 (
) Shadow Copies ) ( Snap Backup
,
, (
.

)

.
Shadow
Copies
.
.
.

.:

Copies

Shadow

135

2003
.

) ( VSS , 2003

,

, .
, ,

.

NTFS ,
.


: 3 NTFS (C,D,E)

,
.


( ) (7:00 12:00) .
100

,

,
....
.


NTBackup ,

(System Volume Information)
Hidden , System

.

( Shadow Copies )

136

, My Computer

Properties Shadow
:
Copies
, Computer Management
Storage Disk Management .

Shadow Copies ,
Enable .



,
.

Select a volume
:

137

NTFS .
Volume :

Next Run Time : Shadow Copies ,


.

.
Shares
:
Used : Shadow Copies .


Shadow Copies of Selected volume .

, Settings

Storage Area: ( )
Located on this volume
,
.

,
138



.

100 ,

.

Maximum size .

,
,
.

64
.

Details : Details
.

Schedule : ,
,

139


, ,

.

,
Create Now ,
.

Create Now .

140

,
.

:


.
.

.

,
( )

Previous Versions :

141

Previous Versions Shadow


Copies ,
.


, (twcli32.msi)
:
:
%Systemroot%\system32\clients\twclient\x86

Group Policy SMS



.

142

Windows XP Windows
2003 , Windows 2000

,

Windows NT 4.0 Windows 98
.
Windows
ME
: Previous Versions
,

Previous Versions VSS .
UNC
:
\\Server_Name\Share_Name

, Run Start .
,
Previous
Versions
.

Previous

Versions ,

View


.

Copy .

143

144

Previous Versions ,
.
Previous Versions
.


,


.

,
,

.

,
Run


, : Run :

:
145

\\192.168.0.1\C$

C$ 192.168.0.1
,
.




.

.

:
:


,
,

Computer Management
( Windows XP
)
.

1 Computer Management Computer Management , Connect


To
Another
Computer
Select Computer
IP Browse.

146

2 Storage Disk Management ,


.

3 , Disk Management All Tasks Configure Shadow
Copies .

147

4 Settings , , OK .
5 , , Create Now ,
.
:
1
4:

Volume Shadow Copies of selected ,

Delete Now .
:
148


, .
,

.
1 4:
Shadow Copies
Disable , Yes ,

.
:
,
,
.
1 , Windows Server 2003
Windows 2000 .
.
2 , .


,
(Domain Controllers) (Active Directory).

,

.
3 ( Cluster ) 16 KB .

149

Disk Defragmenter
Cluster 16 KB
.
Windows Server 2003 Cluster 4 KB
, 2 GB
.
Fat Convert
NTFS Convert , Convert

Cluster 512 Bytes
Fat .
Acronis Disk Director
Suite Norton Partition Magic Cluster

, 16 KB ,
32 KB .64
Cluster ,
,

, 16 KB .
4 ( Mount) Point ) ( Mount Drive
NTFS .
,
.

,

.
5 Volume Shadow Copies .
6 Shadow Copies , Service
Pack 1
,

150

:
7 , ,

,
:

Previous Versions ,
.
, ,
.
:
Volume Shadow Copies
,
.
,
.

151

Web Server IIS 6.0
Folder
Site Publish
hi.html ..
2- IIS New Web Site..

3 Wizard Next ..

152

4- IP Next..

153

5 Browse Folder ..

154

6 Permission Read Finish..

155

7- Web Site Properties ..

156

8 Documents Add Folder hi.html OK ..

157

9 http://192.168.0.1 ..

158

10 Name Resolving .. DNS Zone Cname:

159

Record IP:

160

11- www.security.com ..

161


12 .. :
( )4 IP Web site.. ( )10 Name Resolving :
1 DNS NEW Primary Zone
nemo.com..
2- New Record:

162

163

3- Ping..

4- www.nemo.com ..

164

Distributed File System

Distributed File System DFS


2003
.
( 2 )3
:

Map Network
Drive :
1- Start Run \\server2 OK

165

2- 2

3- Map Network Drive

166

4- Finish

5 3 4 Map
6- 1 2 3

167

7- 3

8 3 4 Map Map .
Drives My Computer
. Distributed File System DFS.
DFS
. Map Map
.

DFS Root
168

1 DFS Root
Map Public Root .1
Public Root
Public Root .

1 Start Administrative Tools Distributed File


System

169

New Root Distributed File System

Next

170

Domain root Next

( ) test.local Next

171

Server1 Next

Root Next

172

Browse Root
. : C:\Public Root OK

173

Next

174

Finish

Root test.local PublicRoot Public Root


1

: Root

Links
Links Root
.
Root New Link

175

Link Users ( 2 ) .
( Link ) Browse
Users 2 OK

OK

176

Users 2 Root 1

Links 23
Links 7 2:3
Accounting 2

177

Graphic Design 2

IT 2

Marketing 2

178

Sales 3

Procedures 3

Root 1 ManagersRoot Links 2


HR Managers 3 Root
.

179

: 2000 Root .
: Links Root 2 3
. Link .

MapRoot
Root Public Root Root ManagersRoot.
Map :
1- Start Run ( ) OK

Roots DFS

180

2- PublicRoot Map Network Drive

3- P Finish

181

4- My Computer Drive P

Links Public Root

182

2 3
5 1 3 ManagersRoot 2 M 3
6- My Computer Drive M

Links ManagersRoot

183

Root Target
Root
Root . Root
.
.
.
4 Root Public Root
:

184

:
PublicRoot New Root Target

185

Server4 Browse Next

( 4 )1 Next

186

Finish

Target Root

187

Root ManagersRoot

1 4
1 .

Replication
Target Root
Root (Replication).
PublicRoot Check Status

188

online
.

PublicRoot Configure Replication

189

Root 1 Next

Replication. Finish

190

Link Target
DFS .
Users 2 3
2 3 Targets Link
Users

Users.
Users 2 9 :

191

3 Users

Users permissions
( 2 )

192

DFS Link Users New Target

Users 3 OK

193

Yes :

2 Next

Ring Finish

194

Link Users 3
2 Users

9 Users 2
Users 3 :

195

Users : 2
. 3
.

:

Root Root

196

Html
2003
2000 Terminal
Services .

Terminal Services
.2003

Remote Desktop , HTML


,
,

,
.
2003
,
)(Terminal Services .2003
:
1 .2 HTML .3 . :
1 HTML .2 Remote Desktop .

...
1 : Terminal Server
.2003
Terminal Server Terminal Licensing
Add Or Remove Control Panel .
Terminal Server Remote Desktop
.
Remote Desktop ,
Terminal Server .
Remote Desktop
.

197

HTML ,
Terminal Server ,
Remote Desktop ,
.
HTML (Remote Administration) HTML
IIS (Internet Information Services)
,

, 2003 IIS .
HTML .
1 Control Panel Add or Remove Programs Add / Remove Windows Components .
2 Application Server Details , Internet Information Services (IIS) Details ,
IIS ,
, NNTP Service
SMTP Service FTP Service , .
3 : Common Files , World Wide Web Service, Internet Information Services Manager .
World Wide Web Service Details ,
:

198

199

OK 3 Next , 2003
.

, HTML ,
IIS
200

IIS
, ,
.
2003 IIS ,
IIS:

Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager .
,
,
.
:

201

202

203

Directory Security ,
.
,
Active Directory .
:
1- Anonymous access :
.
2- Integrated Windows authentication :
(
)Windows NT Challenge / Response
.
3- Digest authentication for Windows Domain Servers :
(Domain) , .
,

HTTP 1.1 .
4- Basic authentication : (Domain) ,
, .
SSL ,
5- .NET Passport authentication :
HTTP , Jscript , .

204

,
Administration
HTML ,
Remote Desktop :

205

206

,
.
:

,

, .
IIS , (Metabase)

XML .
IIS Manager ALL Tasks
Backup/Restore Configuration , :

207

208

,
,
,
.

, ,
HTML .

209

Active Directory Sites and Services

Active Directory
Domain Controllers .
....
(WAN)
( DSL ) T1
(LAN) ( Ethernet).
:
domain controllers 2 . IP 192.168.1.0
domain controller . IP 192.168.2.0
Domain test.local Domain Controllers Server1 Server2 Domain Controller Server3. ( T1 Mb 1.5 24). :

: Domain Controllers

210

.
Active Directory Sites and Services
Authentication (
Ctrl+Alt+Del).
T1
!
Mb 100 Mb 1.5
.
Active Directory Sites and Services.
Active Directory Sites and Services Start All Programs
Administrative Tools Active Directory Sites and Services
.

Active Directory Sites and Services


Default-First-Site-Name
.

211

Active Directory Sites and Services


.
: ( T3
Mb)45 Site
.
Mb 10 Site .
Mb 10 Site
.
Active Directory Sites and Services
:
1- ( Site) .
2- Site .
3- ( Subnet ) Site.
4- Site Site License Server.

:( Site)
Site Default-First-Site-Name Riyadh
Default-First-Site-Name Rename

212

Riyadh Enter

: Site .
. Site
Sites New Site

213

Dammam DEFAULTIPSITELINK OK

OK
.

214

: Site
Site Site

SERVER3 Site Site


SERVER3 Move

215

Dammam OK

216

:( Subnet ) Site
IP 192.168.1.0 IP
.192.168.2.0
Subnet Subnets New Subnet

IP Subnet Mask OK

217

218

: Site Site License Server


Licenses
License .
219

. Licensing Site
Settings Properties

Change ( ) SERVER1 OK
OK

.
Active Directory Sites and Services
:

220

( IP
192.168.2.11) . Authentication
( SERVER3 IP . 192.168.2.1) SERVER3
.192.168.2.0

Replication
Replication .
Replication Sites:
INTRA Site Replication )(Site
INTER Site Replication
User Active Directory SERVER1.
SERVER1 SERVER2 Site SERVER1 SERVER2
15 . SERVER2 .
INTRA Site Replication.
SERVER1 SERVER3 SERVER1
SERVER3 3 ( ) . SERVER3
. INTER Site Replication.
Replication (
SERVER1 SERVER2 ) SERVER3 SERVER1 NTDS
Settings.
SERVER3 Replicate Now

221

OK.
SERVER2:

222

Replication
(SERVER1 ) SERVER3 INTER Site Replication
Replication
(SERVER1 ) SERVER2 INTRA Site Replication
T1 Active Directory Sites and
Services . Inter-Site Transports IP.
Site Link T1 . Site Link
DEFAULTIPSITELINK
Site Link DEFAULTIPSITELINK Riyadh-Dammam
T1 Link DEFAULTIPSITELINK Rename:

223

Riyadh-Dammam T1 Link Enter
Riyadh-Dammam T1 Link Properties

Site Link .

224

:
Description: ()
Sites in this site link: .
Replicate Every: Replication .
180 ( ).
Change Schedule: Replication.
Replication 24 7/ ( ) .
Replication .
( Replication )
.

225

Cost: . Site Link


100 Cost T1 .
. Dial-Up
Modem. Site Link Riyadh-Dammam Dial-
Up Link. Cost Site Link(
.)200 Site Links:2

Cost Riyadh-Dammam T1 Link 100


Cost Riyadh-Dammam Dial-Up Link 200
Replication Link
Replication. Link ( T1 )100
Dial-Up. T1
100 (Dial-Up).200
: 100 200
.

226

: Site Link IP New Site Link

Preferred Bridgehead Server


Preferred Bridgehead Server
Replication .
Preferred Bridgehead Server
( ) . .
Active Directory SERVER2 .
SERVER2
Replication SERVER3 T1. SERVER3
Replication SERVER1 T1.
T1 .
SERVER2 Replication SERVER1
( ) SERVER1 Replication
SERVER3 T1. T1
T1 Ethernet.
Preferred Bridgehead Server
( ) SERVER1 Properties

227

IP Add

228

OK .

Site Link Bridge


:

229

DSL Kb 512
DSL Kb.256
Site Jeddah Site Links :

230

Site Link Bridge .



DSL 256K
DSL 512K
IP New Site Link Bridge

Site Link Bridge Link Link


OK

231

.. Replication

232

(Additional Domain Controller) Replicate

: Operation Master :



... ..
..
.
Error

: AD :
Active Directory :
1- schema
2- config
3- Domain
4- Application
( .... )

Catalog .

233

(
!) Child Domain .. .
....

.

: :
1 2003
2 250
3 ( AD ) NTFS .
4 AD.
5 AD DNS .
6 : DSL Leased Line T1 .

:

1 2 : !
3- .

: !
:
1 .2 . !

" ) (Additional Domain Controller


Replicate "
DC1
234

RAHEL.COM AD DNS .

http://edu.arabsgate.com/showpost.p...1&postcount=159
DNS,DHCP . .
DC2 . .
2003.
!! !!
: START RUN dcpromo
.
:
( )

235

95 NT SP4
.

.. !

236

)
(

237

( )

238


( )

239


.
..

..

240

Additional Domain

Controller

241


.. Replicate
DC1 DC2 .
:

( ) ( )

242


1 /2 3- :

243

..
() DC2

244


DC1 Replicate

: DC2 DC1 .
...
:

245

( ) DC1 .

DC2

246

() Additional Account Info


Active
Directory
, , ,
,

,

,

,
.

:
1 . 2 . 3 . 4 ( ) .
5 .6 ( SID ) .7 . 8 ( Group Policy ) .
9 . 10 . , ,
.
(Windows 2003 Resource Kit Tools) .
(
) Additional Account Info Active Directory
Active Directory Users and Computers .
( acctinfo.dll )
( Windows 2003 Resource Kit Tools )

247

:
Windows 2003 Resource Kit Support Tools (12mb)
:
1 ( acctinfo.dll ) :
%systemroot%\system32\
SystemRoot .
2 Run :
regsvr32 %systemroot%\system32\acctinfo.dll

,
Install.cmd .
3 Active Directory Users and Computers , Properties

248

4 (Additional Account Info) , ( Domain PW Info )


,
(Set PW On Site DC) .. .

249

250

5 (Additional Account Info) , Run :

regsvr32 /u %systemroot%\system32\acctinfo.dll

,
UnInstall.cmd .

251

:
(Additional Account Info) ,
.
:
1 Domain Primary Domain , Child Domain ( acctinfo.dll ) .
2 , Windows 2000 Server ,Windows Server 2003

Isa Server 2006

252


Windows 2003 server Enterprise
Windows Server 2003 Standard Service
Pack 1 :
isa server 2006 standard edition :
ISA2K6EVLS_EN.exe
:

253


yes :

C:\ISA
Server 2006 Standard Edition CD :

Install ISA Server 2006


2006 :

254

255

256

257

258


internal network places
Properties

259

wan
Lan

:

:

Wan External :

lan Internal :

260

261

Add :

262

263

264

Install
:

265

266

267

2006

268

2006

Firewall Policy Access Rule
:

269

270

271

272

273

274

Apply :

2006
:

275


Firewall Web Proxy Cache

...2006

..

2006 180

276

Cache ISA
2006

Cache :
Web cache


: 2006
: Partition NTFS
: 5
: % 20

:
Configuration Cache
) (0
:
:

277

278


:
Cache Properties
:

279

Apply

:
Cache New Cache Rule :

280

281

282

283

284

Apply
2006
100%

285

Internet Security And Acceleration Server 2004

:
1-Monitoring
administrating
2-Firewall policy


3-Virtual private network

4-Networks
Internal & External
286

localhost , LAT : local address table
firewall client Internal
5-Cache


Downstream & upstream cache

6-Add-ins

HTTPS, HTTP, FTP access filter
applications filters
7-General
:
Http compressor DNS ip Connection
limit Link translation Define RADIUS Servers

: Monitoring

287

-Dashboard

client type


..
-Alerts

288

289

:
Cache
security
firewall
firewall service
5-Sessions

Secure nat , Firewall client , web proxy

290

291

Service firewall engine

292

!!!
firewall stop

293


isa administration

-logging

gfi web monitor isa administration

294

:
,,




..
.

firewall policy

295

Internet Security And Acceleration Server 2004


" "
firewall policy
,,


...
.

: Firewall policy



rules

296

"
External " Internal
:

c

External Internal
,,
..
-- Create access rule :

297

All Access

Allow Block Allow

298

All outbound traffic


Internal to External add
Source

299

internal
External Destination

300

301

302

303

304

:
Content type:

Schedule :

305

,,

306

" Shedule
NEW

307

In active


msn messenger protocol

308


....

309

Block

310


MSN Messenger

311




20

msn
msn
,,
: ,,

External
" LocalHost
localhost to external

312

Internet Security And Acceleration Server 2004


""Advanced rules

.
Internal External Address Protocols

Advanced Rules
ports

FTP Upload ftp


account ..

313

ftp server
upload.

.

314

315


Description

316

computers

317

318

rule destination External

319

Internal
External
17

ISP work
Address range

320

address range

321

range

322

323

external
publish server
ftp server

324

tasks create new server publish rule


325

( ) ftp server

326

FTP SERVER

327

21 ftp

328

21

329

Internal

FTP SERVER

330

: permission ftp server


Internet Security And Acceleration Server 2004


""Advanced Rules

p2p

:
1 internet download manager download accelerator

2 Kazaa iMesh BearShare p2p



Filter traffic
.
:

331

internal to external

configure Http

332

Http header

executable exe
Block Responses containing

333

Windows Executable content


: rar , zip , pdf , avi , ..

extension

334

add

335

extension
Description

336

337

338

p2p
configure Http policy

339

signatures

add signatures

340

kazaa signatures :

341

signatures microsoft

:

http://www.microsoft.com/technet/isa/2004/plan/commonapplicationsignatures.mspx

342

signature

343

) ( EMAIL CHECK
AUDIO
REDIRECT .
:
1 : URL SET :

NEW :

344

LOG IN 1
2 GMAIL LOGIN
3 LOGIN WILDCARDS.

HTTP:// .
RULE :

:
345

PROPERTIES RULE ALLOW DENY :

APPLY :

346

.
2 : ( ) AUDIO :
RULE :

CONTENT TYPE PROPERTIES


:

347

DENY :

348

AUDIO .
3 : IIS NEW WEB .
WEB
PAGE:

349

IIS :

350

WEB :

ISA RULE :

351

352

: :

4- :

353

isa
7.5

apply

354

ToolBox ISA 2004

ISA 2004
Toolbox
.

:
Protocols .
Users .
Content Types .
Schedules Rules.
Network Objects .

.
:
PROTOCOLS

355

:
Common Protocols :
POP3.
Infrastructure :
PING.
Mail : SMTP.
Instant Messaging :
MSN Messenger.
Remote Terminal : Telnet.
Streaming Media :
MMS.
VPN and IPSec : PPTP .
Web : HTTP.
User-Defined :
.
Authentication : RADIUS Accounting.
Server Protocols :
DNS.
All Protocols : .
:
NEW Protocol

356

New
:
(TCP)UDP
357

( )
OK

, NO
User-Defined
.
.

Sasser Blaster ISA Server

USERS

358

All Authenticated Users : (


)Active Directory
All Users : .
System and Network Service :
.
New :

359

Add

360

( Advanced )
:
:
Object Type
Location
Find Now

OK


CONTENT TYPES

361

:
Audio :
MP3.
NEW

362


OK.
Edit
Delete

SCHEDULES

363


.
New

364

:


( )
.
OK

NETWORK OBJECTS

365

:
Networks :
Internal.
Network Sets :
.
Computers :
.
Address Ranges : .10.0.0.255 10.0.0.1
Subnets : SubNet Mask .
Computer Sets : Anywhere.
URL Sets : .
Domain Name Sets : .
Web Listeners :
.
Network Network

366

Add OK
10.0.0.0

367

Network Set Network Set



computer

OK
Address Range

368

OK
Subnet


Ok

369



Computer Sets

:
Computer
Address Range

Subnet

OK
URL

370

URL new
OK
Domain Name Set

New OK
Web Listener

371

Address

372

** Isa2004

10 2004








) (Rule.
( ISA ) 2004 ))Domain
: Active
Directory

IT

373

User

374

ISA2004

375

376

377

378

379

380

Cache
Cache
(
)
.
( ) .
:

windowsecurity.com




.

.

381

:



1
.
2
.
3
.
:
1 .
2 HTTP FTP.
3 () Time To Live TTL




(
) Temporary Internet Files

ccproxy
( ) ( )
( )
382

(
) ( )

383


(
)

384

ISA Server ..
!!
Isa
Server 2000





Proxy Inspector for ISA Server
..
:

385


..
...
:
.

386

387



2004
2004

.
:


2004
1 Backup
2 backup

388

3-

4
1- Restore

389

2- restore

3-

390

4-

5- Apply

6-

391

Export

Configuration .
VPN:
1 VPN Export VPN Clients Configuration .

2 .

392

3-

Export

393

4
VPN
1 VPN Import VPN Clients Configuration .
2-

394

3-

4 Apply .

VPN .2004

395

Ftp

FTP


HR

Control Panel Add or Remove Programs


Add/Remove Windows Components
Application Server

Details Internet Information


)Services (IIS

396

Details File Transfer Protocol (FTP) Services


OK CD 2003

FTP
Start Administrative Tools IIS Manager FTP Sites
Default FTP Site Properties

397

HR IP 172.16.11.210
ftp://172.16.11.210
D:\HR :
FTP Sites New FTP Site :


IP 172.16.11.210 21


Do not isolate users

C:\HR:


Read only


ftp://172.16.11.210

VPN


2004
VPN VPN

.
VPN
VPN

1 Virtual Private Networks (VPN)
2- Enable VPN Client Access

3 4 5- Configure VPN Client Access


6 General Maximum number of VPN clients allowed 5 10

7 8 msfirewall.org
9 Domain Users CheckNames . .


10- L2TP/IPSEC


11 User Mapping Enable User Mapping
When user name does not contain a domain, use this domain msfirewall.org .


12 .

VPN
VPN VPN
.

1 Firewall Policy .
2 VPN Client to Internet


3 4 This rule applies to
5 VPN Clients .

6 7 Access Rule Destination


8 9

10-

Dial-Up

Native

1 Domain Controller Administrative Tools Active Directory Users and Computers
2 Administrator
3 Dial-Up VPN


4-

VPN

VPN
1 2000 My Network Places
2 3

4 5 192.168.1.70 6 7 8 ISAVPN 9-

: MSFIREWALL\Administrator

MSFIREWALL
Administrator


10 VPN Server MPPE 128 .

11 \\Exchange2003be .

VPN
.


Domain Trusts, Child Domains and Additional Domain Controller
..
( )




Additional Domain Controller

DNS server Active Directory



Domain Controller



Additional Domain Windows Server 2003

Child Domains






1 run dcpromo domain controller for a new domain next
2 child domain in an existing domain tree 3 enterprise Administrator
4 myweb.com Mynet.Myweb.com
5 next Shared System Volume
- 6 DNS registration DNS
Next
-7 permission :
2003 2000
- 8 next
-9
MyNet.Myweb.com
MyWeb


Domain Trusts

(

)
virtual private network
bridge
.Staff.com Accounting.com

Login
Xp

Domain trust

Working with Active Directory Trusts


1 Active Directory Domains and Trusts Administrative Tools
-2
properties


-3 Trusts New Trust


-4 Trust Name NetBios (


Login
. DNS
ServerName.MainDomain.com

-5 Trust Type External trust Next


-6 Direction of Trust (
)
- Two-way

-One-way: incoming

- One-way: outgoing


-7 ..


MMC
AUTHOR MODE

Console Snap-in

Add/Remove :


Snap-in Add
:


Computer Management
Add :


Local Computer
console Allow Finish
( ) Close
Add/Remove Snap-in Extensions
:



Add all extensions
:

Ok
:


Storage Action New Window from Here :



Storage

Options

Console -


Storage
User mode single window
Ok Console Save
:


Save
:


Yes MMC

:



Scheduled Tasks

Add Scheduled Task


:


Next
:

Browse
:

dfrg Open :

Monthly Next
:

Next
:


Next
:

Open advanced
Finish Finish
Settings :



Ok :


Advanced - View Log :



Advanced - Notify Me of Missed Tasks




My Network Places


Scheduled Tasks :


Routing and Remote Access



..... Remote Access
...
Remote Access :-
: Dial-up
: VPN (Virtual Private Network)
Dial-up

Client Server
RAS SERVER Remote Access Server.
Server Client
TCP/IP Encapsulation
Point-to-Point Protocol
PPP
TCP/IP Dial-up
Serial Line Internet Protocol SLIP
:-
SLIP Dial-up connection Protocol SLIP Server
Dial-up Unix


Server SLIP
Windows Server SLIP SERVER
RAS SLIP Connection.
Dial-up Connection

Remote Access VPN.


VPN
.

.
VPN

VPN PPTP L2TP
:-

VPN connection


RAS Remote Access Server



:- RAS
Start>administrative tools>Routing and Remote Access


Disable
Configuring and Enable
Routing and remote Access


:-


Next ....


Remote Access Next


Dial-up connection
NEXT


Clients
IP address :-
: DHCP Server
: IP
.
Next


Next


Finish


OK


Server
...


+ Server


Server
Server Properties


General Tab

Remote Access Server


Security Tab


Authentication Methods
authentications


IP Tab IP
" " .


PPP Tab


Logging Tab
Server


Server Properties Routing and Remote Access


Console
Ports
VPN Connection Server Dial-up .....


Ports Remote Access Clients


Server


Remote Access Policy


Authentication ( )
Security Tab .
Remote Access policy (
Authorization
Remote Access Logging
log file ...


RAS Server
