Secure the network so that resources are available to users with proper permissions.
Standard: small to large businesses
Enterprise: for organizations that support higher-end apps for more users
Datacenter: for mission-critical applications, very large databases, and high availability
Web: for hosting and deploying web services and related applications

Base level server license for small to medium companies or workgroups
Up to four processors (symmetric multiprocessing)
Up to 4 GB RAM supported per server
Includes Active Directory support
PCC price with 5 CALs: $950

Designed for the enterprise: supports server clusters for reliability and performance
8-node clustering available
Up to 8 processors per server node
Up to 64 GB RAM support
PCC price with 5 CALs: $3660

Designed to support very large databases in the enterprise
Up to 32-way symmetric multiprocessing
8-node clustering
Up to 64 GB RAM
Very high availability
Purchase from OEM: one-stop shopping for hardware, software, operating system: 1 call
Lower cost than Standard Edition
Includes IIS (Internet Information Services) and .NET Platform with ASP support
Dedicated web services
Up to 2 symmetric multiprocessors
Up to 2 GB RAM
Cannot install non-web service applications!
Cannot be a domain controller but can be part of an Active Directory domain
PCC price $560 with 5 CALs
Supports up to 50 client computers
Offers e-mail, file sharing, printing, fax
Two editions: standard and premium
Includes Microsoft Exchange
Workgroup
A logical group of computers (e.g. departmental)
Decentralized security, on each server or peer
Users need an account on each server or resource they access in the workgroup model
Thus not scalable: keep to less than 10-20 clients
Can use peer to peer with no WS03 server

Domain
Central control of security via Active Directory authentication (global permissions database)
Requires at least one server configured as a domain controller
Standalone server: user accounts only on that machine (workgroup model or in domain)
Member server of an Active Directory domain
Domain Controller: server contains user accounts and permissions for all the domain's servers
  User has just one account for the domain and is given permission for all appropriate objects in the AD
  When a user logs in, the DC authenticates by checking the AD database
  If there is more than one DC server, the Active Directory permissions database can be replicated in case of failure of the DC
All members of the workgroup must list the same workgroup name in the Computer Name property tab of the System Properties dialog box (My Computer | Properties)
In Administrative Tools, can use the Local Users and Groups command to create/maintain users.
  In Active Directory, this command is grayed out and a separate one exists
Is organized in hierarchical fashion with organizational units (OUs) fashioned after the company's own org chart
  Organizational Unit is a container that holds other objects in the domain
  Tree is a hierarchical collection of domains
  Forest is a collection of trees that do not share a contiguous DNS naming structure
What do I have?
Go to the Computer Name property tab of the System Properties dialog box (My Computer | Properties) [see p. 10]
If you have a workgroup server, it can be converted to a domain, but it is complex and will take a while
Best with >10 clients to use Active Directory and set up domains.
Computer Accounts
Dilemma: do you give your users administrator status?
  This allows them to adjust things more effectively, but they can also damage settings!
Right click My Computer and choose Manage, or click Start, then Administrative Tools, then Computer Management.
To view the Properties of a user or group, right click that name in the right pane and choose Properties
  Choose how often the password is changed
  Choose which groups this user is a member of
  Change the login profile file or default path
To reset the password, right click the user and choose Set Password.
User Accounts in AD
Click Start, Administrative Tools, Active Directory Users and Groups
Choose domain
Select the desired object group
  Builtin, Computers, Domain Controllers, ForeignSecurityPrincipals, or Users
Many more options are available here (more later)
Physical and logical devices (mostly hardware)
Users, computers, and groups (most common)
Access to resources (sharing permissions)
A server environment (configuring WS03)
Disaster recovery (backup and restore, disaster planning)
The window style used in Administrative Tools for most of the tools
Can build a custom MMC with just the tools you use most often
  Click Start, Run, type MMC and click OK
  Use the File | Add/Remove Snap-in command
  Click Add to choose tools
  File | Save As and give it the name you want
  It will be saved in Administrative Tools and you can drag it to the desktop or into the quick start menu list.
Active Directory
Establishes domain security: a central point for storing and controlling network objects
Single authentication point (although you can have other domain controllers for backup purposes)
AD uses Domain Name Service (DNS) to maintain structures:
  frank.net could be the name of the domain
  Child domain is campus.frank.net (as prefix)
This is the definition of the objects and their security parameters
Logical objects
Organizational unit: a logical container for organizing objects within a single domain
  Objects such as users, groups, computers, printers, and other OUs can be stored in an OU container
May have multiple domains to make it easier to administer
Ex: divisions within the company where each has its own domain.
  They may be administered individually
  Might have different password policies between divisions
Tree is the collection of domains that share a contiguous DNS naming structure
Forest is a collection of trees that do not share a contiguous DNS naming structure
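
The tree and forest definitions above, as an added example that is not part of the original slides: it groups a forest's domains into trees by walking each name up its contiguous DNS parents. Only frank.net and campus.frank.net come from the slides; the other names are constructed, and the rule that a domain joins a tree only through a parent present in the forest is an assumption of this sketch.

```python
# Added example: group the domains of a forest into trees by DNS contiguity.
# frank.net and campus.frank.net are from the slides; the rest is constructed.
SAMPLE_FOREST = [
    "frank.net",
    "campus.frank.net",
    "lab.campus.frank.net",
    "example.org",
    "sales.example.org",
]


def tree_root(domain, forest):
    """Walk up one DNS label at a time while the parent is also in the forest."""
    root = domain
    while "." in root:
        parent = root.split(".", 1)[1]
        if parent not in forest:
            break  # naming is no longer contiguous: this is the tree root
        root = parent
    return root


def group_into_trees(domains):
    """Return {tree_root: members ordered from root to deepest child}."""
    forest = {d.lower().rstrip(".") for d in domains}
    trees = {}
    for domain in forest:
        trees.setdefault(tree_root(domain, forest), []).append(domain)
    return {
        root: sorted(members, key=lambda n: (n.count("."), n))
        for root, members in trees.items()
    }


def same_tree(a, b, domains):
    """True when two domains of the forest share one contiguous namespace."""
    forest = {d.lower().rstrip(".") for d in domains}
    return tree_root(a.lower(), forest) == tree_root(b.lower(), forest)


if __name__ == "__main__":
    for root, members in group_into_trees(SAMPLE_FOREST).items():
        print(root, "->", members)
```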
Global Catalog
An index and partial replica of objects and attributes that are used most often throughout the AD structure
It is available to any server within the forest that is configured to be a global catalog server
Enables users to find AD information from anywhere in the forest (names, email address)
See p. 32 in chapter 1
Other AD Concepts
If you have a server called database.frank.net, your workstation queries the DNS server to resolve its IP address.
When you log on, your workstation queries DNS to find a domain controller to authenticate
LDAP (Lightweight Directory Access Protocol) is used to query or update AD.
Naming paths
  Distinguished Name: every object has one
  Relative Distinguished Name: the portion of the DN that uniquely identifies the object within the container.
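
The naming paths above, as an added example that is not part of the original slides: it splits a distinguished name into its relative distinguished name, parent container and DNS domain, honoring backslash-escaped commas that a plain split on "," would break. The sample DN is constructed (only campus.frank.net is from the slides), and `_ldap._tcp.dc._msdcs.<domain>` is the SRV record name a Windows client queries in DNS to locate a domain controller.

```python
# Added example: split an Active Directory distinguished name (DN) into parts.
# SAMPLE_DN is constructed; only the domain campus.frank.net is from the slides.
SAMPLE_DN = r"CN=Smith\, Jane,OU=Faculty,OU=Staff,DC=campus,DC=frank,DC=net"


def split_dn(dn):
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape and its character
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).lstrip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).lstrip())
    return rdns


def describe_dn(dn):
    """Return the RDN, parent container, OU path and DNS domain of a DN."""
    rdns = split_dn(dn)
    pairs = [rdn.split("=", 1) for rdn in rdns]
    dc_labels = [value for attr, value in pairs if attr.upper() == "DC"]
    return {
        "rdn": rdns[0],                  # unique within its container
        "parent": ",".join(rdns[1:]),    # the container holding the object
        "ous": [value for attr, value in pairs if attr.upper() == "OU"],
        "dns_domain": ".".join(dc_labels),
    }


def dc_locator_query(dns_domain):
    """DNS SRV name a client looks up to find a domain controller."""
    return "_ldap._tcp.dc._msdcs." + dns_domain


if __name__ == "__main__":
    info = describe_dn(SAMPLE_DN)
    print(info)
    print(dc_locator_query(info["dns_domain"]))
```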