Beruflich Dokumente
Kultur Dokumente
http://zcomby-server2008.blogspot.com/
Acknowledgments
No book is written alone. Instead, there is a wealth of people working behind the scenes
to help make a book the best possible. Im grateful for the hard work put in behind the
scenes by several people. Kamal Harmoni, Kharizan, Hj. Shukri, Fadhlina, Ruslan,
Azzahari, Alanto, and Nor Izwan, all provided a significant amount of work that helped
produce this book. Im grateful to each of them.
: 192.168.2. SN
: 255.255.255.0
: 192.168.2.25
: 192.168.2. Server Number
Client
Network Printer
192.168.2.254
`
Name : clientxpSN
Static IP : 192.168.2. SN
Server
Name : serverSN
Static IP : 192.168.2. SN
All computers use static IP addresses and are on the same subnet. All PCs
should have the following configuration:
Server:
Minimum Intel Dual Core 2.6GHz, 2GB RAM, 80GB Disk.
Partition 1: C Drive, formatted as NTFS, 40GB, installed with Windows
Server 2008.
Partition 2: D Drive, formatted as NTFS, 40GB, free space.
Client:
Minimum Pentium D 2.6GHz, 1GB RAM, 80GB Disk.
Partition 1: C Drive, formatted as NTFS, 40GB, installed with Windows XP
Pro SP2.
Partition 2: D Drive, formatted as NTFS, 40GB, free space.
Table Of Contents
Title
Page
Exercise 1
Exercise 2
Initial Configuration
18
Exercise 3
30
Exercise 4
56
Exercise 5
75
Exercise 6
97
Exercise 7
107
Exercise 8
125
Exercise 9
142
Exercise 10
156
Exercise 11
175
Exercise 12
Logon Scripts
209
Table Of Contents
Title
Page
Exercise 13
Home Directories
227
Exercise 14
Disk Quotas
248
Exercise 15
262
Exercise 16
Viewing Events
320
Exercise 17
Auditing
328
Exercise 18
368
Exercise 19
400
Exercise 20
454
Exercise 21
482
Exercise 22
520
Exercise 1
Installing Windows
Server 2008
Hardware Requirements
Table 1.1 lists the basic system requirements for Windows Server 2008 editions.
Standard
Enterprise
Datacenter
Processor (recommended)
1 GHz (x86)
1.4 GHz (x64)
2 GHz or faster
1 GHz (x86)
1.4 GHz (x64)
2 GHz or faster
1 GHz (x86)
1.4 GHz (x64)
2 GHz or faster
Memory (min)
512 MB
512 MB
512 MB
Memory (recommended)
2 GB or more
2 GB or more
2 GB or more
Memory (max)
Disk space (min)
4 GB (32 bit)
32 GB (64 bit)
10 GB
64 GB (32 bit)
2 TB (64 bit)
10 GB
64 GB (32 bit)
2 TB (64 bit)
10 GB
40 GB
40 GB
40 GB
Processor (min)
Beware, though. These files are quite large. If youre using a slower dial-up link, you
might want to see whether Microsoft is currently offering an evaluation DVD via regular
mail. Theres a nominal cost involved with this option, but its better than trying to
download more than 2GB at 56KB.
The download is an .iso image of the actual DVD. Search with your favorite search
engine for Download Windows Server 2008, and youll find the link.
Once you download the .iso image, you can burn it to a DVD. If you dont have the
software needed to burn it to DVD, you can use one of many freeware utilities (such as
ImgBurn) to burn the .iso image to your DVD.
EXERCISE 1.1
Installing Windows Server 2008
1. Insert the Windows Server 2008 DVD into your DVD drive. Boot your PC using
Windows Server 2008 DVD.
2. Language and Keyboard Options.
This allows you to specify your language and your keyboard layout. By default,
text input language and method is : US Keyboard layout (Figure 0001).
Enter your "Product Key" for activation now or you can enter it later (Figure
0003).
10
Select Windows Server 2008 Enterprise (Full Installation), (as shown in the
Figure 0005).
11
12
7. Installation Options.
You are presented with options to Upgrade or Custom (advanced).
Click Custom (advanced), (Figure 0007).
13
14
8.6.
Click Next. The partition will be formatted with NTFS as part of the installation. At
this point, take a break. The installation will continue on its own.
15
Enter a new password in the two test boxes (Figure 0014). Enter
Pr@ctice in this exercise. It meets complexity requirements and doesnt
require you to remember multiple passwords. Dont use this password on
a production server.
16
Once the password has been changed, the screen indicates success
(Figure 0015). Click OK.
Summary
In this section you installed Windows Server 2008 on a computer. In the following
exercises you will setting time zone, install Active Directory and other services, creating
a small network for you to administer.
17
Exercise 2
Initial Configuration
18
19
20
Configuring Network
In this section, youll learn how to configure networking on your server. Make sure you
have hook up your server to the network before you start.
EXERCISE 2.2
Configuring Network
1. In Initial Configuration Tasks, select Configure networking (Figure 0020).
21
22
: 192.168.2.SN
: 255.255.255.0
: 192.168.2.ISIP
23
24
25
26
3. Key-in your server name at Computer name: box. In this exercise I user
server21 as my computer name (Figure 0031). And click OK.
4. Windows remind you to restart your computer to apply the changes. Click OK.
27
28
Summary
In this section you have configure Time Zone, Networking and Computer Name for your
Server 2008. In the following exercises you will install Active Directory and other
services for you to administer.
29
Exercise 3
Installing and
Configuring DNS
30
31
32
6. On the Select Server Role page, select the check box next to DNS Server, and
click Next (Figure 0040).
33
34
35
EXERCISE 3.2
Configuring Domain Name System (DNS)
10. Launch DNS Manager. Click Start Administrator Tools DNS (Figure 0045)
11. Double-click on the computer icon to expand the DNS Server (Figure 0046).
36
EXERCISE 3.2.1
Configuring Forward Lookup Zones
12. Click on Forward Lookup Zones first, and then right-click on it.
13. Select New Zone (Figure 0047)
14. New Zone welcome wizard appear. Click Next to continue (Figure 0048).
37
15. Select Primary zone and click Next button (Figure 0049).
38
18. The dialog box now displays the name that will be used to the new zone file.
Leave the filename as suggested, then click Next (Figure 0051).
39
20. Click Finish to close the wizard and create the new zone (Figure 0053).
40
EXERCISE 3.2.2
Creating Forward Lookup Zones New Host
21. Double click to expand Forward Lookup Zones.
22. Right click myserver.com and select New Host (Figure 0054).
23. Enter IP address for DNS server (myserver.com) and click Add Host (Figure
0055).
41
26. After finish configuring Forward Lookup Zones, recheck myserver.com must have
minimum three(3) types resource record (SOA), (NS) and (A). (Figure 0056).
42
EXERCISE 3.3
Configuring Reverse Lookup Zones
27. Click on Reverse Lookup Zones.
28. Right click Reverse Lookup Zones and select New Zone (Figure 0057).
43
30. Select Primary zone and click Next button (Figure 0059)
31. Select IPv4 Reverse Lookup Zone and click Next to continue (Figure 0060).
44
32. A reverse zone maps IP addresses to computer names, so it has to know what
range of IP addresses it will be responsible for.
Enter the first 3 octets of the IP address that has been allocated to your network
domain (Figure 0061).
45
35. Select the option "Allow both nonsecure and secure dynamic updates". Click
Next to continue (Figure 0063)
46
EXERCISE 3.3.1
Creating Reverse Lookup Zones New Pointer (PTR)
37. In the DNS manager window, double-click the computer icon and expand the
Reverse Lookup Zone field.
38. Expand the subnet field.
39. Right-click the subnet field and select New Pointer (Figure 0065).
47
48
49
47. After finish configuring Reverse Lookup Zones, recheck the subnet field. The
subnet field must have minimum three(3) types resource record (SOA), (NS)
and (PTR). (Figure 0072).
50
EXERCISE 3.4
Testing The DNS Server
In this section you verify that the DNS Server is installed, running, and correctly
configured.
48. In the DNS manager window, right-click the computer icon and select properties
(Figure 0073).
51
50. Enable both tests and click Test Now button (Figure 0075).
52
EXERCISE 3.5
Testing The DNS Server Using NSLOOKUP To Query DNS
In this exercise you will use a client tool to check the operation of the DNS server. You
will query both a forward and reverse lookup.
53. Launch Run. Click Start Run (Figure 0076).
53
55. A command prompt DOS window will appear with the program nslookup running
in it (Figure 0078).
The default server name and IP address of the DNS server will be shown.
54
57. Press ENTER. Your query result will be same as Figure 0080 below.
Summary
The DNS server is a database that manages computer names and their IP addresses.
Zone files are used to store this information. Within a zone, a forward lookup resolves
computer names to IP addresses. A reverse zone resolves IP addresses to computer
names.
A client tool such as NSLOOKUP can be used to test the operation of a DNS server.
55
Exercise 4
Installing Active
Directory
56
EXERCISE 4.1
Adding Active Directory Domain Services Role
1. Login your server as Administrator.
2. Launch Server Manager. Click Start Administrator Tools Server Manager
(Figure 0082).
57
58
6. On the Select Server Role page, select the check box next to Active Directory
Domain Services, and click Next (Figure 0086).
59
60
61
62
13. On the Operating System Compatibility screen, review the information, and click
Next (Figure 0093).
63
If your computer were part of an existing forest, you could create a replica
domain controller within an existing domain. However, this exercise is assuming
your server will be the first domain controller in the forest.
15. On the Name the Forest Root Domain screen, enter MYServer.com as the fully
qualified domain name.
Click Next (Figure 0095).
64
65
20. If this server is on an isolated network without other DNS servers, a warning
dialog box will appear indicating that a delegation for this DNS server cant be
created and other hosts may not be able to communicate with your domain from
outside the domain. This is normal when installing DNS for the first domain
controller in a forest.
Click Yes to continue (Figure 0098).
21. On the Location for Database, Log Files, and SYSVOL screen, accept the
defaults.
Click Next (Figure 0099).
Figure 0099 : Location for Database, Log Files, and SYSVOL Screen
66
22. On the Directory Services Restore Mode Administrator Password screen, enter
@xercisE in both the Password and Confirm password boxes. This password is
needed if you need to restore Active Directory Domain Services. On a production
domain controller, a more secure password would be required.
Click Next (Figure 0100).
23. On the Summary screen, review your selections, and click Next (Figure 0101).
Active Directory Domain Services will be installed.
67
24. After a few minutes, the wizard will complete (Figure 0102).
25. If a warning message appeared same as below, just click OK. This message
appeared because we already created the DNS zone before (Figure 0103).
68
27. On the Active Directory Domain Services dialog box, click Restart Now (Figure
0105).
Once your system reboots, Active Directory Domain Services will be installed.
69
EXERCISE 4.3
Recheck Network Configuration
Now you need to recheck your network configuration because sometime after
installing Active Directory Domain Services, the network configurations change to
localhost setting.
29. Launch Network and Sharing Center. Click Start Right click Network
Properties (Figure 0107).
70
30. Under myserver.com (Domain network), click View status (Figure 0108).
71
32. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button
(Figure 0110).
72
33. Check your network configurations; make sure the configurations correct (Figure
0112).
73
Summary
Windows Server 2008 brings a lot of new features and benefits that will drive a
lot of migrations to the new operating system. This chapter presented many of these
new additions.
One of the significant benefits of Windows Server 2008 is virtualization. Three
editions (Windows Server 2008 Standard with Hyper-V, Windows Server 2008
Enterprise with Hyper-V, and Windows Server 2008 Datacenter with Hyper-V) support
virtualization.
Each edition can be purchased with or without Hyper-V, which is the technology
that supports virtualization. The Standard edition supports one virtual server, the
Enterprise edition supports as many as four virtual servers, and the Datacenter edition
supports an unlimited number of virtual servers. Virtualization is supported only on 64-bit
operating systems.
In this chapter, you learned about the new features of Windows Server 2008.
These included Server Manager, Server Core, PowerShell, Windows Deployment
Services, and read-only domain controllers.
Exercises led you through the process of installing Windows Server 2008 on a
PC. After reviewing many of the basics of Active Directory Domain Services, you learned
how to promote the server to a domain controller.
74
Exercise 5
Creating
Organization Units
And Users
75
EXERCISE 5.1
Creating Organization Units
76
77
5. Enter Stkm as the name for the new organizational unit (Figure 0117).
6. Uncheck Protect container from accidental deletion (Figure 0117).
7. Click OK (Figure 0117).
78
EXERCISE 5.2
Creating Users within Organizational Units
For proper control, it is better to create users within an OU rather than the Users
container. In the following exercise you will create a number of users, modify their
properties, and move them from one organizational unit to another.
9. Click the Stkm OU to highlight it (Figure 0119).
79
Last Name
Full Name
Zul
Zcomby
Zul Zcomby
zul.zcomby
80
14. Click Finish to create the new user Zul (Figure 0123).
81
EXERCISE 5.2.1
Configuring Password Policy
17. To disable password policy requirements; launch Group Policy Management.
Click Start Administrative Tools Group Policy Management (Figure 0126)
82
83
23. Right click Default Domain Policy and select Edit (Figure 0129).
84
Figure 0132 : Group Policy Management - Password Must Meet Complexity Requirements
85
30. Select Disabled under Security Policy Setting tab (Figure 0133).
86
87
Ocah
Last Name
Blue
Full Name
Ocah Blue
ocah
38. Create the following user account in the Sted OU (Figure 0138).
First Name
Ahmad
Last Name
Akmal
Full Name
Ahmad Akmal
akmal
Ain
Last Name
Syahmi
Full Name
Ain Syahmi
ain
88
First Name
Ali
Last Name
Uddin
Full Name
Aliuddin
ali.zul
Password
ali
Wan
Last Name
Saad
Full Name
Md Saad
wan.saad
Password
masuri
89
EXERCISE 5.3
Moving Users within Organizational Units
41. It is easy to delete, rename or move a user from an organization unit. In the
above exercise the user Md Saad was inadvertently placed in the wrong OU.
Right-click the user Md Saad and select move from the list (Figure 0143).
43. Click OK
90
44. Expand the Stkm OU to confirm that the user Md Saad is now a member of Stkm
OU (Figure 0145).
You have now created a number of users within the organizational units created
earlier. At this stage, you cannot see the benefits of doing this. However, the later
exercises will start to illustrate why this has been done, by allocating resources to
organizational units.
Thus, a user will get access to a resource based on their OU membership
properties. If a user moves from one organizational unit to another, they will
inherit all the resources associated with the new OU.
91
EXERCISE 5.4
Updating User Information
In this exercise we will look at default user properties such as logon times and how often
they need to change their passwords.
Active Directory allows organizations to store significantly more information than in
previous versions of Windows. For example, you can store telephone and office
information in the Active Directory with the user information.
45. Double click the user Md Saad in the Stkm OU (Figure 0146).
Integration
Telephone Number
012-5740157
md.saad@myserver.com
Computer Technology
IKM
Figure 0147 : User Details
92
93
EXERCISE 5.5
Restrict User Logon Hours
48. Double click the user Md Saad in the Stkm OU (Figure 0150).
94
95
96
Exercise 6
Configuring Client
Computer
97
IKM
Administrator
Domain Name
TCP/IP Address
192.168.2.SN
255.255.255.0
TCP/IP Gateway
192.168.2.ServerNumber
192.168.2.ServerNumber
98
EXERCISE 6.1
Network Setting (Windows XP)
1. Run Network Connections application program. Click Start All Programs
Accessories Communications Network Connections (Figure 0156).
99
Now set your client (Windows XP) IP address, and ensure that you are using a
static IP address. For this exercise, Im using number 61 as my Windows XP
client station number (Figure 0159).
Use the following IP address:
IP address
Subnet mask
Default gateway
: 192.168.2.SN
: 255.255.255.0
: 192.168.2.ServerNumber
100
101
EXERCISE 6.2
Joining Domain (Windows XP client)
9. Click Start Right-click My Computer (Figure 0161).
102
11. Click the Computer Name tab, and then click Change. (Figure 0163).
103
13. Specify yourdomain.com as the Primary DNS Suffix for This Computer (Figure
0165).
104
18. Now Domain Server will prompt you for Username and Password. Enter any
username and password you have created before. (Figure 0167).
19. If you get this welcome message : Windows : "Computer Name Changes" Welcome to the ....... domain"; it means you are successfully joining a domain.
(Figure 0168).
20. Since joining a domain is a major change in the security configuration of your
system, you will be reminded that you have to restart your system. Click OK
(Figure 0169).
105
21. You will be back in the System Properties, where you are now listed as being
part of a domain (Figure 0170).
.
.
106
Exercise 7
Viewing Computer
In Active Directory
107
EXERCISE 7.1
Viewing Computers and Servers in Active Directory
In this exercise, you will use Active Directory Users and Computers to view the
workstations and servers in the domain.
108
109
110
111
112
EXERCISE 7.2
Using the Local Workstation Account
In this exercise you will log on the Windows XP Professional workstation using a local
administrator account.
12. Logon the Windows XP Professional as administrator (Figure 0180).
113
EXERCISE 7.3
Using Domain wide account at the client computer
In this exercise you will log on the client computer using a domain account.
15. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0183).
114
115
20. Now, look at the logon box. There is an extra field displayed, called Logon to:
(Figure 0186).
116
26.2.
117
26.3.
Press ENTER.
118
30. Launch Active Directory Users and Computers. Click Start Administrative
Tools Active Directory Users and Computers (Figure 0193).
119
32. Double-click on the user Zul Zcomby to display the properties box (Figure 0195).
120
121
122
42.2.
123
42.3.
42.4.
Enter user as zul.zcomby and password as comby (Figure
0206).
Press ENTER.
Summary
Servers do not allow normal users to logon locally. Servers run the network and provide
resources, which users connect to remotely across a network. Servers are not designed
to have users physically sitting at their keyboards trying to log on and run programs.
Users actually logon to a client computer in the network and access resources using a
network connection.
Client computers running Windows XP Professional have their own accounts database.
124
Exercise 8
Delegating
Management Of
Users
125
126
127
128
129
130
131
17. Log off server. Click Start Log Off (Figure 0219).
132
EXERCISE 8.2
Managing Users
In this portion of the exercise you will log on to server as zul.zcomby and attempt to
manage users.
18. Attemp to log on to the server as zul.zcomby.
18.1.
18.2.
18.4.
Press ENTER.
133
19. Launch Active Directory Users and Computers. Click Start Administrative
Tools Active Directory Users and Computers (Figure 0223).
134
135
136
26. Select all areas and click Logon Denied (Figure 0230).
137
Figure 0232 : Logon Hours for Ocah Blue Set Logon Permitted
29. Click OK.
30. Click OK again.
31. Click the Sklr OU (Figure 0233).
138
32. Double-click Ain Syahmi user account to display the properties of this user
(Figure 0234).
139
140
39. Right-click Ocah Blue account and select Reset Password from the list
(Figure 0239).
141
Exercise 9
Exploring Group
Scopes and Types
142
Scope
Local
User accounts, Global groups and Universal groups from any domain in the
forest, as well as local groups from the same domain.
Global
Universal
User accounts, global groups and universal groups from any domain in the
forest.
The recommended strategy for using groups in Windows Server 2008 is to use both
global and domain local groups. Place users into global groups and then place the global
groups into domain local groups and assign permissions to the domain local groups.
Global groups have access to accounts in the local domain. Where the enterprise
consists of more than one domain, local groups allow the use of accounts across all the
domains. Where the enterprise has combined a number of domains into a forest,
Universal groups provide access to any accounts in the forest.
1.
143
144
145
146
147
6.7
6.8
148
7. Create a new Domain Local group called Intranet Users (Figure 0253).
7.1. Right-click the domain icon and select New - Group from the list (Figure
0253).
149
150
151
10 Now try adding the Technical Support group as a Member Of Intranet Users.
10.1.
152
10.2.
10.4.
153
10.5.
10.6.
154
10.7.
Summary
Windows Server 2008 running in native mode supports the use of different group types.
Global groups have access to user accounts and other global groups in the same
domain. Local groups allow you to access accounts outside the current domain, and
universal groups provide access across organizations (forests).
155
Exercise 10
Creating And
Applying Group
Policies
156
Group Policies
Group policies are settings or configurations that can be applied to users, groups,
organizational units and domains. An administrator can create a group policy that
configures the computer or user settings, such as menu and desktop settings, folder
locations and default password settings.
Windows NT 4 and Windows 98 introduced system policies. Windows 2000, 2003 and
2008 extends these further using group policies.
EXERCISE 10.1
Creating a Group Policy
1.
157
158
5.
Now, you will create a new group policy for the Stkm OU. This new policy will apply to all
members of the Stkm OU though in another exercise that follows, you will override this.
6.
Right-click the Stkm OU and select the Create a GPO in this domain, and
Link it here (Figure 0274).
159
9. Right-click the STKM Group Policy and select Edit (Figure 0276).
10. The group policy editor allows you to specify user and computer settings. In the
following steps, you will change some of these settings (Figure 0277).
160
14. Click the Start Menu and Taskbar folder (Figure 0281).
Figure 0281 : Group Policy Management Editor Start Menu and Taskbar
161
15. A large list of selections is available. Double click the option Add Logoff to the
Start Menu (Figure 0282).
Figure 0282 : Group Policy Management Editor Add Logoff to the Start Menu
16. The Add Logoff to the Start Menu Properties appears. Click the Disabled button
to disable this setting (Figure 0283).
18. The setting now displays as Disabled in the Group Policy Editor (Figure 0284).
162
163
164
EXERCISE 10.2
Test the Group Policy
The group policy has been applied to members of the Stkm Organizational Unit. There
are two members; Zul Zcomby and Ocah Blue. You will now test this policy to see if it
works.
27. Log on the server as zul.zcomby.
27.1.
27.2.
Press ENTER.
165
Now verify that the settings are also applied to the client computer. Log on to the
Client computer as ocah.blue.
30. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0292).
166
35. All the group policy setting should be applied (Figure 0294).
167
168
EXERCISE 10.3
169
170
You are now going to disable the policy of Stkm OU. This is a better option than
removing the policy, as if you decide to re-implement the policy at a later date, it will still
be there.
48. Expand the Stkm OU (Figure 0302).
50. A warning box appears. The Group Policy Management remind you that you
have selected a link to a GPO and changes you make will impact all other
locations linked with the GPO (Figure 0304).
171
52. Right-click the Stkm Group Policy and select Link Enabled (Figure 0305).
172
173
Now verify that the group policy is disabled. Log on to the Client computer as
zul.zcomby.
59. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0310).
60. Log on the Windows XP as zul.zcomby and comby as password (Figure 0311).
Summary
In this exercise you created a group policy and applied it to an organizational unit.
Only a fraction of the available settings were explored. Applying a group policy is a
way of controlling security and configuring groups of users with common settings.
This can help reduce the cost of ownership and the level of administrator support by
restricting what users can do or change on their computers.
174
Exercise 11
Creating And
Sharing Resources
175
Preliminary Setup
Add zul.akmal, ocah.blue and ain.syahmi to the Intranet Users group.
1.
176
Figure 0314 : Active Directory Users and Computers Intranet Users Group
4. Click the Members tab (Figure 0315).
Figure 0315 : Active Directory Users and Computers Intranet Users Properties
177
178
5.6
179
5.7
You can see Ocah Blue is added as a member of Intranet Users group
(Figure 0321).
7. After finish adding the entire user to Intranet Users group, your Intranet Users
properties should be same as figure below (Figure 0322).
Figure 0322 : Active Directory Users and Computers Intranet Users Properties
8. Cick OK to finish added members to Intranet Users group (Figure 0322).
180
EXERCISE 11.1
Creating and Sharing a Resource Using Windows Explorer
In this exercise, you will use Windows Explorer to create a folder and verify the NTFS file
permissions. The folder will then be shared and permissions assigned. You will then
access this shared resource from the client computer.
1.
181
182
4.2.
183
When users access a folder across the network, both the share and NTFS
permission lists define the user permissions.
7. Click the Sharing tab (Figure 0330).
184
Now you will restrict permissions at the share level. Remember that user permissions
to a network resource are made up of the share permissions and the NTFS
permissions.
12. Remove the Everyone group.
12.1.
185
12.2.
Select the Technical Support from the list of Search results (Figure 0340).
14.4.
186
14.5.
Click the Full Control allow box to enable the Full Control permission
(Figure 0342).
187
17. Once you have set the permissions as describe, click OK button to close the
dialog box (Figure 0343).
18. Click OK to close the advanced sharing dialog box for folder temp21 (Figure 0344).
188
20. In the Explorer window you will note a small double head icon
on the
folder D:\temp21, which indicates the folder is now shared (Figure 0346).
22. Log on the client computer as ali.zul and ali as password (Figure 0347).
189
190
191
28. Double-click the Server21 and view the available resources (Figure 0353).
29. You should see the Common resource listed (Figure 0354).
30. Double-click the Common resources so that you are connected to it (Figure 0354).
31. A new window will open up and display the contents of the folder (it will be empty
as there are no files in the folder) (Figure 0355).
192
Right-click in the windows and select New Text Document (Figure 0356).
32.2.
32.3.
193
194
195
39. Double-click the Server21 and view the available resources (Figure 0363).
40. You should see the Common resource listed (Figure 0364).
41. Double-click the Common resources so that you are connected to it (Figure 0364).
42. A new window will open up and display the contents of the folder (Figure 0365).
196
Right-click in the windows and select New Text Document (Figure 0366).
43.2.
197
EXERCISE 11.2
Creating Network Drive Mapping
Instead of using My Network Places, you can map a drive letter to the resource. This is
an alternative way of accessing the resource, but requires that you know the location of
the resource (you can use My Network Places to view the available resources, so you
dont really need to know the location)
45. Log on the client computer as ali.zul and ali as password (Figure 0367).
198
47. Select Z as drive and enter the location of the network resource in the Folder:
box (Figure 0369).
You must specify the name of the server and the share name.
In this exercise, it is \\Server21\Common.
199
Right-click in the windows and select New Text Document (Figure 0371).
50.2.
200
EXERCISE 11.3
Publishing a Shared Resource in Active Directory
One of the problems of publishing shares in the way you have just done (which is the
way they done in NT 4 or 98) is that you have to browse the network or know which
server the resource is located on in order to find it. This can be time-consuming and
frustrating for users.
Resources can be published in Active Directory, making them easy to find. In the next
exercise you will publish the resource into Active Directory.
201
54. Right-click domain (myserver.com) and select New Shared Folder (Figure 0374).
55. Enter the name as Common Files and the Network path as your server name
and share name in this exercise it is \\Server21\Common (Figure 0375).
57. The new shared folder appears in the right windows pane of Active Directory
(Figure 0376).
202
EXERCISE 11.4
Locating a Shared Resource in Active Directory
Now that the shared folder is published in Active Directory, it is easy for users to locate
and connect to the resource.
59. Log on to the client computer as ocah.blue (Figure 0377).
203
204
63. In the Find drop box, select Shared Folders and in the In drop box, select you
domain - myserver (Figure 0381).
205
66. Right-slick the Common Files shared folder from the list and select Map
Network Drive (Figure 0384).
67. Select U as drive and enter the location of the network resource in the Folder:
box (Figure 0385).
Note how the location for the server share is filled in automatically.
206
71. There are now one additional drive appears at the bottom (Figure 0387).
207
Summary
Permissions are assigned at the SHARE and at the File system level. By default,
Windows Server 2003 places every use created into the group EVERYONE, and, when
creating a new directory or share, automatically assigns rights to that resource so the
group EVERYONE can access it.
If you want to secure any resources by restricting access, you should ensure that the
appropriate permissions have been set at both the share and file system level.
Publishing shared folders in Active Directory simplifies the task of locating resources.
208
Exercise 12
Logon Scripts
209
1.
210
211
5.
6. Right-click the STKM Group Policy and select Edit (Figure 0393).
212
7.
The group policy editor allows you to specify user and computer settings. In the
following steps, you will change some of these settings (Figure 0394).
213
214
13. In the Logon Properties windows, click Show Files button (Figure 0400).
215
15. Double-click the text document. This will load the Notepad editor. Type the
following text into the file (Figure 0402).
echo off
cls
echo This is a log on script for the Stkm OU
echo Welcome %USERNAME% , member of the Stkm OU
pause
216
16.3.
Select All Files from the Save as type: drop menu (Figure 0405).
18. Close the Script windows by clicking the X button at the right top corner of the
windows (Figure 0407).
217
19. On the Logon Properties window, click Add button (Figure 0408).
218
219
24. Stkm.cmd now listed under Logon Properties Script. Click OK button to close
the Logon Properties window (Figure 0413).
26. On the Group Policy Management window, right-click STKM Group Policy and
uncheck all options except Link Enabled (Figure 0414).
220
28. In the Group Policy Management Editor, expand User Configuration (Figure
0416).
221
222
33. Double-click the Run logon scripts visible option (Figure 0421).
Figure 0421 : Group Policy Management Editor Run logon scripts visible
34. The Run logon scripts visible Properties appear. Click the Enabled button to
enable this setting (Figure 0422).
36. In the same folder, double-click the Run logon scripts synchronously option
(Figure 0423).
Figure 0423 : Group Policy Management Editor Run logon scripts synchronously
223
37. The Run logon scripts synchronously Properties appear. Click the Enabled
button to enable this setting (Figure 0424).
39. The setting now displays as Enabled in the Group Policy Editor (Figure 0425).
224
225
47. The logon script should appear same as figure below (Figure 0430).
Summary
Scripts allow for both user and computer environments to be configured. The four scripts
available are startup, shutdown, logon and logoff.
226
Exercise 13
HOME
DIRECTORIES
227
228
229
4.4.
230
231
232
233
15. Select Ahmad Akmal account from the list (Figure 0446).
234
18. Tick Allow box for Full Control permission. This will give Ahmad Akmal full
control over the folder User21. So he can read and write to the User21 folder on
the myserver.com server (Figure 0448).
235
236
237
238
239
240
241
242
43. There are now one additional drive appears at the bottom (Figure 0466).
243
44. Double-click the Network Drives to access the zul.akmal folder on the server
(Figure 0467).
The folders are empty.
244
245
48. Launch Windows Explorer. Click Start Right-click Computer select Explore
(Figure 0471).
246
51. You can see the folder zul.akmal is automatically created. Click zul.akmal folder
(Figure 0474).
Summary
Home directories allow users to store their files on the network. This is especially suited
to roaming users.
247
Exercise 14
DISK
QUOTAS
248
EXERCISE 14.1
Create Disk Quotas
1.
249
250
6. Enable the check box Deny disk space to users exceeding quota limit (Figure 0479).
251
11. On the Menu Bar, click Quota New Quota Entry (Figure 0483).
252
12. Key-in zul.akmal and click Check Names button (Figure 0484).
253
15. Set the following parameters for zul.akmal quota entry (Figure 0486).
Select the option Limit disk space to and set the value to 10MB.
Set the value for Set warning level to option to 8MB.
17. Now there is a new quota entries added to the Quota Entries list for zul.akmal
(Figure 0487).
254
19. Click OK button to close the Local Disk (D:) Properties window (Figure 0489).
255
256
23. View Home Directory capacity. Right-click on L: drive and select Properties
(Figure 0493).
24. The zul.akmal Home Directory properties appear. Look at the directory capacity,
it only 10 MB. Same as the Disk Quota Entry we set earlier (Figure 0494).
257
258
259
30. Copy and Paste another file into zul.akmal home directory on L: drive until the
disk quota warning appears (Figure 0499).
260
33. The zul.akmal Home Directory properties appear. Look at the Used space: size,
you have used almost 10 MB. The home directory almost full (Figure 0501).
Summary
Disk quotas allow administrators to restrict disk space to users so that disk space can be
effectively managed.
261
Exercise 15
MANAGING
SOFTWARE
APPLICATIONS
262
EXERCISE 15.1
Establish a Software Distribution Point
To support this exercise, you will need a shared folder on the network that contains the
software applications that will be deployed.
1.
263
264
4.1.
4.2.
265
EXERCISE 15.2
Sharing The SoftDist21 Folder
5. Open the SoftDist21 folder properties. Right-click SoftDist21 folder select
Properties (Figure 0507).
266
267
EXERCISE 15.3
Set Sharing Folder Permissions
Set read access to the share folder for the Sklr OU users and Administrator.
10. Click Permissions button (Figure 0512).
11. Select Everyone and click Remove button to remove Everyone from the Group
or user names: list (Figure 0513).
268
269
15. First, we add first user of Sklr OU. Select Ain Syahmi account from the list
(Figure 0517).
270
18. Tick Allow box for Read permission. This will give Ain Syahmi Read permission
over the folder SoftDist21. So she can read from the SoftDist21 folder on the
myserver.com server (Figure 0519).
271
272
26. Tick Allow box for Read permission. This will give Aliuddin Read permission
over the folder SoftDist21. So she can read from the SoftDist21 folder on the
myserver.com server (Figure 0525).
273
274
31. Select Administrator user account from the list (Figure 0529).
275
34. Tick Allow box for Full Control permission. This will give Administrator full
control over the folder SoftDist21. So the Administrator can manage the
SoftDist21 folder on the myserver.com server (Figure 0531).
276
37. Click Close button to close SoftDist21 Properties window (Figure 0533).
277
EXERCISE 15.4
Copy Software Application files to the Software Distribution Point
The next step is to copy some software applications to the distribution share.
39. Download file WinRar 3.9.3 from site below:
http://zcomby-server2008.blogspot.com under Downloads section (Softwaretutorial Server 2008) and save to the software distribution share point (or
download it from the internet from http://www.rarlab.com) .
EXERCISE 15.5
Create a ZAP file for the application
To deploy the WinRar application, you will need to create a ZAP file, as no MSI file is
available.
41. Create New text document inside D:\SoftDiskx, and rename the text document
as winrar.zap.
41.1
278
41.2
Change the file name to winrar.zap and select All Files for Save as
type: box (Figure 0536).
279
41.5
42. Key-in the following text into the winrar.zap file (Figure 0538).
280
EXERCISE 15.6
Publish the Software Application to Users of the Production OU
In this step, you will edit the group policy for the Sklr OU and specify a new
software installation for users.
44. Launch Group Policy Management. Click Start Administrative Tools Group
Policy Management (Figure 0539)
281
282
51. Right-click the SKLR Group Policy and select Edit (Figure 0545).
283
284
56.2
285
56.3
56.4
Click file types drop-down box and select ZAW Down-level application
packages (*.zap) (Figure 0553).
286
56.5
Select the winrar.zap file and click Open button (Figure 0554).
287
59. Now you can see the Win Rar package are listed under Software installation policy
(Figure 0556).
288
289
EXERCISE 15.7
Test the software deployment
In this step, you will log on to the client computer and test to see if the software can be
deployed. In order for the software to install however, the user needs sufficient rights on
the local computer.
65. Log on the client computer (Windows XP Professional) as local Administrator
65.1
65.2
290
291
292
70. Expand System Tools Local Users and Groups Groups (Figure 0566).
293
73. Key-in ain.syahmi in the box and click Check Names button (Figure 0568).
294
295
79.4
296
80.2
297
80.3
80.4
298
80.6
299
80.9
300
82. After finish install WinRar, close all remaining windows. And then double-click the
sample.rar file.
The Sample.rar now opened with WinRar program. Now you can read or extract
contents of the Sample.rar file (Figure 0584).
301
EXERCISE 15.8
Installing Application with MSI support
In this exercise you will deploy Microsoft FrontPage 2003.
84. Log on to the server as Administrator (Figure 0585).
302
303
304
89. Insert the Microsoft Office 2003 AIO CD and copy all files and folders in the
FrontPage folder to the D:\SoftDistx\FrontPage folder
89.1.
89.2.
305
89.3.
Expand the SoftDist folder. Right-click the FrontPage folder Paste (Figure
0593).
89.4.
Click the FrontPage folder to confirm all files are copied (Figure 0594).
306
90. Launch Group Policy Management. Click Start Administrative Tools Group
Policy Management (Figure 0595)
307
308
309
98. Right-click Software installation and select New Package (Figure 0603).
310
99.2
311
99.4
99.5
99.6
Select the FP11.msi file and click Open button (Figure 0609).
312
100.
102.
103.
313
104. Now you can see the Microsoft Office FrontPage package are listed under
Software installation policy (Figure 0612).
107.
314
108.
109.
315
EXERCISE 15.9
Test the software deployment
Now you will test the deployment of FrontPage 2003 by logging onto the client computer
as a member of the Sklr OU.
110.
316
111.
112.
The installation process will begin. When requested, enter the CD key and click
Next button (Figure 0619).
317
113.
Click Next button until reach the Summary windows (Figure 0620).
115.
Click Finish button to complete the FrontPage 2003 installation (Figure 0621).
117.
118.
318
119.
120.
121.
Summary
In this exercise you deployed a software application to a group of users. The application
was not supported by Windows Installer so required you to create a ZAP file.
The software application and Zap file were placed on a network share. This software
was then associated with a group policy for the Sklr Organizational Unit. The software
deployment was then tested when a user of the Sklr OU logged onto a client computer.
In installing software on the client computer, the installer needed the required
permissions. In this exercise, the users were made members of the Power Users group
to enable the installation of the software. In actual use, members would be set up with
the required permissions, rather than perhaps being made a member of this group on
the local computer.
Managing the software distribution can simply the administration of the network and
ensure that users only get the applications that have been assigned to them.
319
Exercise 16
VIEWING
EVENTS
320
EXERCISE 16.1
Running Event Viewer
1.
321
2. Launch Event Viewer. Click Start Administrative Tools Even Viewer (Figure
0623).
322
EXERCISE 16.2
Viewing the Different Log Files
5. All events have a Source and Task Category. Note these two columns in the
window (Figure 0625).
It is handy to sometimes restrict the events being viewed to just those events that
are of interest.
323
EXERCISE 16.3
Filtering Events
In this exercise you will use the filtering function to display only those events of
interest. Often the event log has hundreds of events listed, so you need the
ability to look for only those events that are relevant to what you are trying to
resolve.
6. On the right window, click the Filter Current Log (Figure 0626).
324
325
11. Note that only Microsoft Windows security auditing events with Logon task
category are now listed (Figure 0631).
326
13. The event properties of the first event appeared. The dialog box gives an indication
of the event [including the event ID, which is helpful when exploring your server as to
possible problems] (Figure 0632).
Summary
Windows Server 2008 logs activity to event logs. These events can be viewed with
Event Viewer. Typical events are printing, security, auditing, logon and logoff, as well as
other events generated by application software or other services such as DNS.
Events are helpful in determining problems with configuration or security.
327
Exercise 17
AUDITING
328
Exercise 17 : Auditing
In this exercise, you shall look at enabling auditing on selected resources, so that their
usage and access can be monitored. You will use event viewer to view the logged
accesses. Often, if you find that you cannot resolve problems in user access, enabling
auditing and viewing the audit logs with event viewer can help you determine the cause
of the problem.
EXERCISE 17.1
1.
329
5.
330
6. Edit the Default Domain Policy. Right-click Default Domain Policy Edit (Figure
0638).
331
332
333
334
335
EXERCISE 17.2
Set Auditing at the file object level.
1.
336
337
5. Select Security tab; and then click the Advanced button (Figure 0655).
338
Figure 0657 : Advanced Security Settings for Local Disk (D:) Auditing tab.
339
9. Key-in zul.zcomby in the box, and click Check Names button (Figure 0658).
340
341
Figure 0661 : Advanced Security Settings for Local Disk (D:) Auditing tab.
14. Click OK button (Figure 0662).
342
343
EXERCISE 17.3
Access the resource to generate the audit event.
Now it is time to test the auditing. What you did in the previous exercise was setup a
group policy for domain controllers. You enabled auditing on the server using Local
Security Policy. Next, you enabled auditing on the files and sub-folder D:\tempx. In the
next step you will log on and access this resource, thus generating an audit event.
17. Log on to the server computer as zul.zcomby.
17.1.
17.2.
Press ENTER.
344
345
346
EXERCISE 17.4
View the audit events.
In the last exercise, you accessed the resource and this would have generated an audit
event. These events are stored in the security log and are viewed with event viewer.
27. Log on to the server as Administrator (Figure 0672).
347
29. Expand Windows Logs Security. The Event Viewer window displays the current
event logs. There are a number of logs available (Figure 0674).
348
31. Now configure the Filter Current Log. Please refer to the following table for
configuration (Figure 0676).
Logged:
Any time
Event level:
Information
Event sources:
Task category:
File System
Keywords:
Audit Success
User:
<All Users>
Computer(s):
<All Computer>
349
33. Note that only Microsoft Windows security auditing events with File System task
category are now listed (Figure 0677).
350
37. Drag the right-hand side scroll bar until you see the Process Information: section
(Figure 0679).
38. From this section, you can see the process or application zul.zcomby run while he
login to the server.
As you can see, zul.zcomby are launch Notepad application software. Maybe he
writing something or maybe he open a text file (Figure 0679).
40. Now let find the location of the text file zul.zcomby opened. Double-click the second
event to see the event properties (Figure 0680)
351
41. Scroll until you find the Object: section. As you can see the log reports same as the
first event (Figure 0681).
43. Now try double-click the third event to see the event properties (Figure 0682).
352
44. Scroll until you find the Object: section. Can you find the differences between third
event and the first event?
In the third event there is extra information under Object: section. Object Type: and
Object Name: (Figure 0683).
Object Type: state the type of the object.
Object Name: state the object name.
353
EXERCISE 17.5
Disable Auditing
Auditing places a performance penalty overhead on the computer. In this step, you will
disable auditing.
47. Launch Group Policy Management. Click Start Administrative Tools Group
Policy Management (Figure 0684).
354
51. Edit the Default Domain Policy. Right-click Default Domain Policy Edit (Figure
0688).
355
356
357
358
359
360
361
362
72. Select Auditing tab and select Zul Zcomby (Figure 0705).
74. Select Zul Zcomby and click Remove button (Figure 0706).
Figure 0706 : Advanced Security Settings for Local Disk (D:) Auditing tab.
75. Click OK button (Figure 0706).
363
364
EXERCISE 17.6
Clear the Security Log Events
In this exercise you will clear all the events in the Security log.
78. Launch Event Viewer. Click Start Administrative Tools Even Viewer (Figure
0709).
365
79. Expand Windows Logs Security. The Event Viewer window displays the current
event logs. There are a number of logs available (Figure 0710).
80. Right-click Security log and select Clear Log (Figure 0711).
366
81. Click Clear button so that the events are not saved (Figure 0712).
Summary
Both Directories and Files can be audited. When auditing is enabled, events that are
specified are written to an event log, which can be viewed in Event Viewer.
It is possible to apply a filter when viewing events to be more selective. Applying auditing
creates an overhead penalty on the server, and can fill the event logs quickly.
367
Exercise 18
INSTALLING AND
CONFIGURING
PRINTER
368
EXERCISE 18.1
1.
369
4. Click Add a printer button to run the Add Printer wizard (Figure 0716).
370
371
8. Now select Device type: as TCP/IP Device and enter your printer IP address in the
Hostname or IP address: box. For this exercise, my printer IP address is
192.168.2.254 (Figure 0719).
10. Wait until the detecting of the TCP/IP port process finish. After finish the detection
process, the windows will automatically move to the next page (Figure 0720).
372
12. Now the Add Printer wizard will try to detect the printer driver. The Add Printer wizard
will automatically move to the next page after the detection process done (Figure
0722).
373
15. Enter your printer name. Normally same as printer model. So here I enter my printer
model; HP Color LaserJet CP1515n as printer name (Figure 0724).
374
17. Enter HPCP1515n as the shared printer name and STKM for the Location field
(Figure 0725).
19. Click Finish button to complete the adding printer process (Figure 0726).
375
EXERCISE 18.2
Assign a Print Manager For The Printer
In this exercise, you will assign a user to manage the printer. This printer manager will
be able to delete jobs and perform other administrative tasks.
20. Right-click the installed printer and select Sharing (Figure 0727).
21. You will see that Windows Server 2008 has already shared the printer on the
network, but the printer not listed in the Active Directory. To list the printer in the
Active Directory, tick the List in the directory option (Figure 0728).
376
23. The current security setting for the printer is similar to the Figure 0729.
You will note that everyone (all users) has print access, whilst Administrators have
all rights.
Print Operators also have all rights.
377
378
27. Select Ocah Blue from the list and click OK button (Figure 0732).
379
29. Give Ocah Blue full rights to this printer. This effectively makes her a manager for
this printer (Figure 0734).
380
EXERCISE 18.3
Locating Printers using Active Directory
In this exercise, you will use Active Directory to locate printers.
32. Launch Active Directory Users and Computers. Click Start Administrative Tools
Active Directory Users and Computers (Figure 0735).
381
36. The search results will display all the printers installed and listed in your Active
Directory. In the previous exercise, you have installed one printer and set the printer
to be listed in the Active Directory. So the search results display only one printer
founded (Figure 0738).
382
EXERCISE 18.4
Accessing The Printer From The Client Computer
In this exercise, you will log on to the client computer and set up access to the shared
printer on the server.
40. Log on to the client computer as ocah.blue (Figure 0739).
383
42. Click the Add a printer icon to run the Add Printer Wizard (Figure 0741).
384
44. Select A network printer, or to another computer and click Next button
(Figure 0743).
385
46. Enter STKM in the Location: field and click Find Now button (Figure 0745).
386
387
EXERCISE 18.5
Printing a File
In this exercise, you will print a page to the printer.
49. Right-click the printer icon and select Properties (Figure 0748).
388
389
EXERCISE 18.6
Managing The Printer
In this exercise, you will manage the printer by deleting all print jobs, and then pausing
the printer.
53. Make the printer ERROR (open the printer tonner compartment door).
54. Launch Notepad. Click Start All Programs Accessories Notepad (Figure 0752).
390
55. Key-in your name in the Notepad text editor (Figure 0753).
391
58. Open Printers and Faxes. Click Start Printers and Faxes (Figure 0756).
59. Right-click the printer icon and select Pause Printing (Figure 0757).
392
60. Right-click the printer icon and select Cancel All Documents (Figure 0758).
393
63. Log on to the client computer as zul.akmal with akmal as his password (Figure
0760).
394
65. Click the Add a printer icon to run the Add Printer Wizard (Figure 0762).
395
67. Select A network printer, or to another computer and click Next button
(Figure 0764).
396
69. Enter STKM in the Location: field and click Find Now button (Figure 0766).
397
398
Summary
In this exercise you established a network printer and connected to it using a client
computer. A print manager responsible for the printer was established and you
tested the printer and management functions. You also learnt to locate a printer
using the search function of active directory.
399
Exercise 19
OTHER
ADMINISTRATIVE
TOOLS
400
Backup
In this exercise you will use the Backup utility provided with Windows Server 2008 to
perform a selective backup of files.
EXERCISE 19.1
Installing Windows Server Backup.
1.
401
2. Launch the Server Manager. Click Start Administrative Tools Server Manager
(Figure 0772).
402
403
7. After finish installation of Windows Server Backup, the Add Features Wizard
show the installation results. Make sure the result is success, if not you have to
reinstall the features.
Click Close button to continue (Figure 0776).
404
EXERCISE 19.2
Full Server Backup
9. Launch the Windows Server Backup. Click Start Administrative Tools Windows
Server Backup (Figure 0777).
405
11. Select Different options and click Next button (Figure 0779).
12. Select Full server (recommended) option and click Next button (Figure 0780).
406
13. Select Local drives option and click Next butoon (Figure 0781).
14. Select drive D as your backup destination, but make sure the drive is NTFS
formatted (Figure 0782).
407
16. Select VSS full backup option and click Next button (Figure 0783).
17. Check you backup configuration, make sure the backup items and the backup
destination are correct. Click Backup button to start backup (Figure 0784).
408
18. After all files have been archived, the Backup Wizard displays a completion
summary. Click Close button to close the Backup Wizard (Figure 0785).
409
EXERCISE 19.3
Restore Files and Folders
In this exercise you will use the Backup utility provided with Windows Server 2008 to
perform a restore of files and folder.
20. Launch the Windows Server Backup. Click Start Administrative Tools Windows
Server Backup (Figure 0787).
410
22. Select This server option and click Next button (Figure 0789).
23. The Recovery Wizard will show the entire available backup. Backups are
available for dates shown in bold. Select the date of a backup to use for
recovery. Select the latest backup available (Figure 0790).
411
25. Select Files and folders option to restore files and folders. This option only can
restore selected files and folder (Figure 0791).
If you want to restore the entire volume, select Volumes option.
27. Browse the folders tree to find the files or folders that you want to recover. Click
an item to select it for recovery.
Let try recover Common Files folder. Select Common Files folder and click Next
button (Figure 0792).
412
28. Select Original location for the Recovery destination option and select
Overwrite existing files with recovered files for the When this wizard finds
files and folders in the recovery destination option (Figure 0793).
413
31. After all files have been restored, the Recovery Wizard displays a completion
summary. Click Close button to close the Recovery Wizard (Figure 0795).
414
EXERCISE 19.4
Restore Volume
In this exercise you will perform a restore an entire volume (all data stored on C: drive).
33. Insert the Windows Server 2008 DVD into your DVD drive.
34. Restart your Server. Click Start Restart (Figure 0797).
415
35. Select Hardware: Maintenance (Planned) and click OK button (Figure 0798).
416
39. Select an operating system to repair and click Next button (Figure 0801).
417
40. Click Windows Complete PC Restore option to restore entire server from a
backup image (Figure 0802).
418
419
45. At this point, take a break. The restoring process will continue on its own. This
will take several minutes (Figure 0807).
46. Windows will automatically reboot your system after the restoring process
complete. Press CTRL + ALT + DELETE to log on to your server (Figure 0808).
420
421
COMPUTER MANAGEMENT
This is an administrative tool that allows you view the physical drives, file systems,
partitions, and logical drives on the computer. This tool can also be used to check the file
systems and defragment.
EXERCISE 19.5
In this exercise you will use Computer Management to check the file system. If files are
currently in use, Windows Server 2008 is unable to check the state of the file system,
and will flag the file system for checking on the next reboot.
422
423
424
6. Click the Check Now button to check the drive for errors (Figure 0814).
7. Tick the option Automatically fix file system errors and click Start button
(Figure 0815).
8. If C: drive is not in use, check disk will now scan the drive for errors. If the drive is
in use, you will be presented with the option to schedule the disk check when the
computer is restarted.
Click Schedule disk check to continue (Figure 0816).
425
426
11. Tick the option Automatically fix file system errors and click Start button
(Figure 0819).
12. If D: drive is not in use, check disk will now scan the drive for errors. If the drive is
in use, you will be presented with the option to schedule the disk check when the
computer is restarted.
Click Schedule disk check to continue (Figure 0820).
427
428
14. Select Hardware: Maintenance (Planned) and click OK button (Figure 0822).
You will be able to observe the process of checking the file system occurring
once the computer restarts (Figure 0823).
429
430
431
432
8. Select all disks for defragment and click OK button (Figure 0830).
433
9. After the drive has been defragmented, click the Close button to close the Disk
Defragmenter window (Figure 0831).
Defragmenting the file system should occur on a regular basis to ensure files can
be accessed and loaded quickly. Files in use cannot be defragmented, so
administrators should schedule this to occur during periods of inactivity. A heavily
fragmented file system is often the cause of poor performance.
434
SAFE MODE
Safe mode provides a means of recovering from loading device drivers that do not work
properly. For instance, an administrator might install a new graphics card, and rather
than let Windows Server 2008 install the appropriate drivers, may select an alternative
driver. This can result in a system that results in an unreadable screen display. To
recover from such a possibility, Windows Server 2008 provides Safe mode.
EXERCISE 19.7
In this exercise you will restart the computer in Safe Mode. This is a special mode only
available when the computer is restarted and you press F8 before the computer starts
loading Windows Server 2008.
435
436
4. When the computer restarts, repeatedly press the F8 key while it displays the
boot sequence at the bottom of the screen. You need to press F8 key before the
Windows logo appears. If the Windows logo appears, you will need to try again
(Figure 0835).
437
5. Select the Safe Mode option and press Enter (Figure 0836).
438
7. When your computer in safe mode, youll see the word Safe Mode in the corners
of the display (Figure 0838).
439
8. After the computer has started in safe mode, shut the computer down. Click Start
Shut Down (Figure 0839).
440
441
10. Select the Directory Services Restore Mode option and press Enter (Figure 0841).
11. Press CTRL + ALT + DELETE and log on to the server as Administrator with
Active Directory password you set in the earlier exercise - @xercisE (Figure
0842).
442
13. Key-in cmd in the Open : box and click the OK button to launch the Command
Prompt application (Figure 0844).
443
444
15. Backup the Active Directory Service database by copying the ntds.dit file to a
new file named ntdsbackup.dit
Key-in the following command to back-up the ntds.dit file:
copy ntds.dit ntdsbackup.dit
and press Enter (Figure 0848).
16. Reconfirm the backup file is successfully created by typing the following
command:
dir/w and press Enter (Figure 0849).
445
446
447
21. When the computer restarts, repeatedly press the F8 key while it displays the
boot sequence at the bottom of the screen. You need to press F8 key before the
Windows logo appears. If the Windows logo appears, you will need to try again
(Figure 0853).
22. Select the Directory Services Restore Mode option and press Enter (Figure 0854).
448
24. Launch the Run application. Click Start Run (Figure 0856).
449
25. Key-in cmd in the Open : box and click the OK button to launch the Command
Prompt application (Figure 0857).
450
27. Restore the Active Directory Service by copying the ntdsbackup.dit file to
ntds.dit file
Key-in the following command to restore the ntds.dit file:
copy ntdsbackup.dit ntds.dit
and press Enter (Figure 0861).
451
28. Reconfirm the file is successfully restore by typing the following command:
dir/w and press Enter (Figure 0862).
452
Summary
In this exercise you learn how to make a backup copy of the Active Directory
database by copying it to another file. You also learn how to recover and restore
the Active Directory database.
453
Exercise 20
INSTALLING AND
CONFIGURING
DHCP SERVER
454
EXERCISE 20.1
Installing DHCP Service.
This will serve as a step-by-step guide on how to setup a DHCP server.
1.
455
2. Launch the Server Manager. Click Start Administrative Tools Server Manager
(Figure 0866).
456
5. On the Before You Begin page, review the requirements, and click the Next
(Figure 0869).
457
6. On the Select Server Roles page, select the check box next to DHCP Server,
and click the Next button (Figure 0870).
458
8. On the Network Connection Binding page, select your server IP address and
click the Next button (Figure 0872).
9. On the IPv4 DNS Server Settings page, review the information. Make sure all the
information is correct. Click the Next button to continue (Figure 0873).
459
10. Select WINS is required for applications on this network option, and enter
your server IP address in the Preferred WINS Server IP Address box. Click the
Next button to continue (Figure 0874).
11. Create DHCP Scopes. Just click the Next button, we will create the DHCP
scopes later (Figure 0875).
460
12. In this exercise you only use IPv4, so select Disable DHCPv6 stateless mode
for this server option and click the Next button to continue (Figure 0876).
13. Select the Use current credentials option and click the Next button (Figure 0877).
This option specifies the credentials of the current user will be used to authorize
the DHCP server in AD DS.
461
14. On the Confirm Installation Selections page, click Install button (Figure 0878).
462
463
EXERCISE 20.2
Creating a Range of Address: DHCP Scopes.
In this exercise you will specify range of IP address
17. Launch the DHCP manager. Click Start Administrative Tools (Figure 0881).
18. Double-click on the server icon to expand the domain (Figure 0882).
464
20. On the Action menu, click New Scope to start New Scope wizard (Figure 0884).
465
21. New Scope Wizard window. Click the Next button to continue (Figure 0885).
466
467
468
469
Default Gateway
Domain Name
DNS Server
WINS Server
Select Yes, I want to configure these options now and click the Next button to
start configure the DHCP options (Figure 0891).
470
471
Figure 0894 : New Scope Wizard Parent domain and Server name
33.3. Click the Add button to add the DNS server IP address to the DNS server
IP address list (Figure 0895).
472
Figure 0896 : New Scope Wizard Domain Name and DNS Servers
473
474
475
Congratulation! You have successfully completed creating the New DHCP Scope
(Figure 0902).
476
EXERCISE 20.3
Testing The DHCP Server.
In this exercise you will test your DHCP server functionality.
39. Log on to the client computer using a local administrator account. Enter the User
name: as Administrator and select Log on to : CLIENTXP61 (this computer)
and click the OK button to log on (Figure 0903).
477
41. Right click Local Area Connection and select Properties (Figure 0905).
478
43. Set your client to get IP address automatically from DHCP server by selecting the
Obtain an IP address automatically option and Obtain DNS server address
automatically option (Figure 0907).
45. Click the OK button (Figure 0908) and close all the remaining windows.
479
46. Launch the Run application. Click Start Run (Figure 0909).
480
48. List the client computer IP configuration by typing the following command:
ipconfig and press Enter (Figure 0911).
Summary
In this exercises, you are setting up a DHCP server. The DHCP server provides you with
an easy way of assigning IP addresses to workstations on your network. You were
shown how to install and configure a DHCP Server and how to avoid overlapping
scopes.
481
Exercise 21
INSTALLING AND
CONFIGURING
WEB SERVER
482
483
EXERCISE 21.1
Installing Internet Information Services (IIS).
1.
484
485
5. On the Before You Begin page, review the requirements, and click the Next
(Figure 0917).
486
7. If you are asked to add features for Web Server (IIS), just click the Add
Required Features button to add the features. You cannot install Web Server
(IIS) unless the required features are also installed (Figure 0919).
487
9. On the Web Server (IIS) page, review the information, and click the Next button
(Figure 0921).
488
11. On the Confirm Installation Selections page, click Install button (Figure 0923).
489
490
491
15. Launch the Internet Information Services (IIS) Manager. Click Start
Administrative Tools Internet Information Services (IIS) Manager (Figure
0927).
16. In the Internet Information Services (IIS) Manager, expand your server (Figure
0928).
492
493
19. The windows will launch the Internet Explorer. You can see the address on the
address bar is http://localhost/ and a picture with the word IIS7 at the middle of
the page. This means your Web Server and your Default Web Site is running
successfully (Figure 0931).
494
22. The Windows Explorer shows the path of the Default Web Folder. There are only
two files listed under C:\inetpub\wwwroot folder (Figure 0933):
iisstart.htm
welcome.png
HTML document
image file
495
EXERCISE 21.3
Change the Default Web Folder.
In this exercise you will change the default Web folder from C:\inetpub\wwwroot to
D:\mywebserver.
24. Click Default Web Site and click the Basic Settings link (Figure 0934).
496
26. Select Local Disk (D:) and click the Make New Folder button (Figure 0936).
27. Rename the folder name to mywebserver and click the OK button (Figure
0937).
Figure 0937 : Edit Site - Browse For Folder - Make New Folder
497
28. Make sure the Physical path: is D:\mywebserver. If correct, click the OK button
to continue (Figure 0938).
498
EXERCISE 21.4
Create a Simple Web page.
In this exercise you will create a simple web page to act as your first web page and the
file to the D:\mywebserver folder.
29. Launch Notepad Editor. Click Start All Programs Accessories Notepad
(Figure 0939).
499
30. Type the following text into the file (Figure 0940):
<html>
<head>
<title>Web Server</title>
</head>
<body>
<p><h1>Welcome To My Web Server</h1></p>
</body>
</html>
500
31.2.
31.3.
501
31.4.
31.5.
31.6.
Close the Notepad Editor (Figure 0945) and log off the server.
502
EXERCISE 21.5
Test the Web Server.
In this exercise you will test the functionality of your Web server using client workstation.
32. Log on to the client computer as Administrator (Figure 0946).
503
504
EXERCISE 21.6
Create a New Web Site.
In this exercise you will create a new Web site for your web server.
37. Launch Windows Explorer. Click Start Right-click Computer select Explore
(Figure 0950).
505
506
39.2.
40. Launch Notepad Editor. Click Start All Programs Accessories Notepad
(Figure 0954).
507
41. Type the following text into the file (Figure 0955):
<html>
<head>
<title>New Web Site</title>
</head>
<body>
<p><h1 align="center">Welcome To My New Web Site</h1>
<h3 align="right">Hosted by My <font color="#FF0000">Web
Server</font></h3></p>
</body>
</html>
508
42.2.
42.3.
509
42.4.
42.5.
42.6.
Close the Notepad Editor (Figure 0960) and all remaining window.
510
43. Launch the Internet Information Services (IIS) Manager. Click Start
Administrative Tools Internet Information Services (IIS) Manager (Figure
0961).
44. In the Internet Information Services (IIS) Manager, expand your server (Figure
0962).
511
45. Right-click the Sites folder and select Add Web Site (Figure 0963).
46. In the Site name: box, type the name of your site (e.g. Tutorial Site) (Figure
0964).
512
47. In the Physical path: box, type or browse to the directory that contains the site
content (D:\newweb21) (Figure 0965).
48. Select your Web server IP address from IP Address: drop-down menu (Figure
0966).
513
49. Enter Host name: as www.myserver.com for this site, and click the OK button
(Figure 0967).
50. On IIS Manager, Select the new web site (Tutorial Site) and click the Start
button to start the new web site service (Figure 0968).
514
EXERCISE 21.7
Configure DNS Service for Host Name.
In this exercise you will configure host name for your new Web site.
51. Launch DNS Manager. Click Start Administrator Tools DNS (Figure 0969).
52. Double-click the computer icon to expand the DNS Server (Figure 0970).
515
53. Expand the Forward Lookup Zones; right click myserver.com and select New
Host (A or AAAA) (Figure 0971).
516
58. Click Done button to exit New Host Wizard (Figure 0974).
517
EXERCISE 21.8
Test the New Web Site on Web Server
In this exercise you will test the functionality of your New Web Site from client
workstation.
61. Log on to the client computer as Administrator (Figure 0976).
518
64. Your new web site page will appear in the browser (Figure 0978).
Summary
Whether your site is on an intranet or the Internet, the principles of providing content are
the same. You place your Web files in directories on your server so that users can
establish an HTTP connection and view your files with a Web browser.
But beyond simply storing files on your server, you must manage how your site is
deployed, and more importantly, how your site evolves. Today, an engaging Web site is
seldom a static collection of pages. Most successful Web administrators are kept busy
accommodating ever changing Web content.
Each Web site must have a home directory. The default Web site home directory is
LocalDrive:\inetpub\wwwroot. You can change a Web site home directory using IIS
Manager.
519
Exercise 22
INSTALLING AND
CONFIGURING
FTP SERVER
520
EXERCISE 22.1
Installing FTP Server.
1. Log on to the server as Administrator (Figure 0979).
521
2. Launch the Server Manager. Click Start Administrative Tools Server Manager
(Figure 0980).
522
4. Scroll down until you reach the Web Server (IIS) section (Figure 0982).
5. Click the Add Role Services at the Role Services: section (Figure 0982).
523
6. On the Select Role Services page, select the check box next to the FTP
Publishing Service (Figure 0983).
7. If you are asked to add role services for FTP Publishing Service, just click the
Add Required Role Services button to add the role services. You cannot install
FTP Publishing Service unless the required role services are also installed
(Figure 0984).
524
525
526
527
13. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start
Administrative Tools Internet Information Services (IIS) 6.0 Manager (Figure
0990).
14. In the Internet Information Services (IIS) 6.0 Manager, expand your server
(Figure 0991).
528
Figure 0992 : Internet Information Services (IIS) 6.0 Manager FTP Sites
You can see, IIS already create a default FTP site on your hard disk. The default
folder for the default FTP site is set to the C:\inetpub\ftproot folder.
16. Right-click the Default FTP Site and select Properties (Figure 0993).
529
17. On the FTP Site tab, under FTP site description, type the name of your FTP
site in the Description: box. (e.g. Server 21 FTP Site) and select IP address for
your FTP site (Figure 0994).
530
EXERCISE 22.3
Change the FTP Site Home Directories.
Each FTP site on a computer must have its own home directory. The default home
directory for the default FTP site is LocalDrive:\inetpub\ftproot.
There are two ways to change the home directory of an FTP site:
531
22. In the Internet Information Services (IIS) 6.0 Manager, expand your server
(Figure 0997).
Figure 0998 : Internet Information Services (IIS) 6.0 Manager FTP Sites
24. Make sure the FTP Site service is stop. Right-click the Server 21 FTP Site and
select Stop (Figure 0999).
532
25. Right-click the Server 21 FTP Site again, and select Properties (Figure 1000).
533
27. Select the A directory located on this computer option, and enter the location
of your ftp home directory in the Local path: box (e.g. D:\newweb21) or press
the Browse button to find the location of your ftp home directory (Figure
1002).
Note:
If you select a directory on a network share, you might need to enter a user name
and password to access the resource. IUSR_computername is the default
account used if another account is not specified.
If you use an account with administrative credentials on the server, clients can
gain access to server operations. This seriously jeopardizes the security of your
network.
For more information on security see, Security Best Practices in Windows Help.
28. Click the OK button (Figure 1002).
534
29. Right-click the FTP site youve just configured, and select Start (Figure 1003).
535
EXERCISE 22.4
Create a Text Document in FTP Home Directory.
32. Launch the Windows Explorer and go to the FTP Home Directory (e.g.
D:\newweb21) (Figure 1005).
33. Create a new text document inside FTP Home Directory and rename the text
document as testing.txt.
33.1.
Right-click in the windows and select New Text Document (Figure 1006).
536
34. Right click testing.txt file and select Edit. This will load the Notepad Editor
(Figure 1007).
35. Type the following text into the file (Figure 1008):
This only test document to test the FTP server.
36. Save the file by pressing Ctrl + S key and close the file.
37. Close all the remaining window.
38. Log off the server.
537
EXERCISE 22.5
Test The FTP Site.
39. Log on to the client computer as Administrator (Figure 1009).
538
539
540
EXERCISE 22.6
Configure The FTP Server to Allow User to Upload or Modify File and Directory.
46. Log on to the server as Administrator (Figure 1013).
541
48. In the Internet Information Services (IIS) 6.0 Manager, expand your server
(Figure 1015).
Figure 1016 : Internet Information Services (IIS) 6.0 Manager FTP Sites
50. Right-click the Server 21 FTP Site again, and select Properties (Figure 1017).
542
51. Click the Home Directory tab. Under the FTP site directory, tick the Write
option (Figure 1018).
543
EXERCISE 22.7
Test The FTP Site.
54. Log on to the client computer as Administrator (Figure 1019).
544
545
59. Now try copy any file and paste it to this FTP site.
Could you paste any files?
YES / NO
546
547
2. Launch Network and Sharing Center. Click Start Right click Network
Properties (Figure 1024).
548
4. Click Properties button to open Local Area Connection Properties (Figure 1026).
549
550
9. Enter second IP address for your server [e.g. 192.168.2.24] (Figure 1030).
11. As you can see, now your server has 2 IP address (Figure 1031).
551
552
553
EXERCISE 22.8.1
Creating New FTP Site for Specific User Using Multiple IP Address.
FTP Site can be set to be login only by specific user. You can allow specific users to
establish an FTP connection and transfer files with an FTP client or FTP-enabled Web
browser. But beyond simply storing files on your server, you must manage how your site
is deployed, and more importantly, how your site evolves. This section presents the
basics of managing the infrastructure of an FTP site, from securing your site to hosting
multiple sites.
This exercise to help administrators, and particularly Internet hosting providers,
efficiently secure and commercialize the FTP services for their customers.
Let's say we want to set Ain Syahmi as administrator for the Student FTP Site.
554
555
20. Create a new folder named StudentSN (SN represents youre Station Number).
In previous exercise I use number 21 as my Station Number. So in this exercise
my folder named will be Student21.
20.1.
20.2.
556
21. View the default permission of your Student21 folder. Right-click D:\Student21
folder, and select Properties (Figure 1040).
557
558
23.3. Uncheck the check box Include inheritable .. objects parent (Figure
1044).
559
560
561
24.3. Key-in Ain Syahmi to add Ain Syahmi and click Check Names button.
(Figure 1050).
562
24.5. Give Ain Syahmi Full Control of this FTP site because we want her to act
as administrator for the Student FTP Site. Click the OK button after finish
configure (Figure 1052).
24.1. Click the OK button to close the Student21 Properties (Figure 1053).
563
EXERCISE 22.8.2
Creating New FTP Site Student FTP Site.
26. Make sure youre log on to the server as Administrator.
27. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start
Administrative Tools Internet Information Services (IIS) 6.0 Manager (Figure
1054).
28. In the Internet Information Services (IIS) 6.0 Manager, expand your server
(Figure 1055).
564
29. Right-click the FTP Sites folder, and select New FTP Site (Figure 1056).
Figure 1056 : Internet Information Services (IIS) 6.0 Manager FTP Sites
30. FTP Site Creation Wizard appears. Click the Next button (Figure 1057).
565
31. FTP Site Description dialog boxes appear. Key-in Student FTP Site in the
Description: box and click the Next button (Figure 1058).
32. Now the wizard asking for IP Address and Port Setting, key-in your server
second IP address (e.g. 192.168.2.24) and use the TCP port default setting
(Default = 21) . Click the Next button to continue (Figure 1059).
Figure 1059 : FTP Site Creation Wizard - IP Address and Port Setting
566
33. In the FTP User Isolation dialog box, select Do not isolate users, and click
Next button (Figure 1060).
Figure 1061 : FTP Site Creation Wizard - FTP Site Home Directory
567
35. Set the FTP Site Access Permissions to Read and Write to allow user upload
and modify the FTP site contents, and then click the Next button to continue
(Figure 1062).
Figure 1062 : FTP Site Creation Wizard - FTP Site Access Permissions
36. Click the Finish button to close the FTP Site Creation Wizard (Figure 1063).
568
EXERCISE 22.8.3
Configure DNS Service for Host Name.
In this exercise you will configure host name for your new FTP site (Student FTP Site).
38. Launch DNS Manager. Click Start Administrator Tools DNS (Figure 1064).
39. Double-click the computer icon to expand the DNS Server (Figure 1065).
569
41. Right click myserver.com and select New Host (A or AAAA) (Figure 1067).
570
571
46. Click Done button to exit New Host Wizard (Figure 1070).
572
EXERCISE 22.8.4
Test FTP Site for Specific User Using Internet Browser.
49. Log on to the client computer as Administrator (Figure 1072).
573
574
53. Your FTP site will appear in the browser (Figure 1076).
575
56. Now try copy any files and paste it to this FTP server.
Could you paste any files?
YES / NO
57. Try to delete the Azul.bmp file (Figure 1078).
576
EXERCISE 22.8.5
Test FTP Site for Specific User Using Command Prompt.
59. Launch the Run application. Click Start Run (Figure 1079).
60. Key-in cmd in the Open : box and click the OK button to launch the Command
Prompt application (Figure 1080).
577
578
579
66. Now attempt to change the name of the Ascent.jpg file to AaBbCc.jpg in the
Student FTP Site. Use the following command to rename the file (Figure 1086):
rename Ascent.jpg AaBbCc.jpg
and press Enter.
68. Now attempt to download AaBbCc.jpg file from the Student FTP Site. Use the
following command to download (Figure 1088):
get AaBbCc.jpg
and press Enter.
580
69. Key-in Bye and press Enter to logout from FTP server (Figure 1089).
581
73. Key-in the filename you want to search (e.g. AaBbCc.jpg) in the All or part of
the file name: box and click the Search button (Figure 1092).
582
74. You should got one file name AaBbCc after finish the search process. If you
want to know the location of the file, place your mouse pointer on the top of the
file and the short summary about the file will appear (Figure 1093).
Summary
In this exercise you have learn how to:
Changing FTP Site Home Directories: Describes the concept of a home directory
and methods for changing the home directory of an FTP site.
Stopping and Starting FTP Sites: Describes why you would need to stop and
restart your FTP sites and how to perform these actions.
Changing Default FTP Site Settings: Describes how to change default settings
globally or on an individual site.
Creating Multiple FTP Sites: Describes how to use IP addresses or port numbers
to differentiate multiple FTP sites.
Adding FTP Sites to Your Server: Describes the process of adding a new FTP
site to a server running IIS.
Securing FTP Sites: Describes some of the misconceptions about FTP security
and how to establish a secure FTP site.
Isolating FTP Users: Describes the concept of FTP user isolation and which type
of isolation to use to restrict users to their own directories.
583