1 Chapter 1 Introduction to Windows Server 2003
2 Two main goals for Net Admin Make network resources available to users Files, folders, printers, etc. Secure the network so that resources are available to users with proper permissions.
3 Four Main WS03 Editions Standard – small to large businesses Enterprise – for organizations that support higher end apps for more users Datacenter – for mission critical applications, very large databases, and high availability Web – for hosting and deploying web services and related applications
4 WS03 Standard Edition Base level server license for small to medium companies or workgroups Up to four processors (symmetric multiprocessing) Up to 4 GB RAM supported per server Includes Active Directory support PCC price with 5 CALs: $950
5 WS03 Enterprise Edition Designed for the enterprise – supports server clusters for reliability and performance 8-node clustering available Up to 8 processors per server node Up to 64 GB RAM support PCC price with 5 CALs: $3660
6 WS03 Datacenter Edition Designed to support very large databases in the enterprise Up to 32-way symmetric multiprocessing 8-node clustering Up to 64 GB RAM Very high availability Purchase from OEM – one-stop shopping for hardware, software, operating system: 1 call
7 WS03 Web Edition Lower cost than Standard Edition Includes IIS (Internet Information Services) and .NET Platform with ASP support Dedicated web services Up to 2 symmetric multiprocessors Up to 2 GB RAM Cannot install non-web service applications! Cannot be a domain controller but can be part of an active directory domain
8 Other Windows 2003 Servers R2 – released in December 2005 in each main edition Essentially it is Service Pack 2 with streamlined server management features Small Business Server - entry level server, for smaller companies PCC price $560 with 5 CALs Supports up to 50 client computers Offers , file sharing, printing, fax, Two editions – standard and premium Includes Microsoft Exchange
9 Two WS03 Security Models Workgroup A logical group of computers (e.g. departmental) Decentralized security, on each server or peer Users need an account on each server or resource they access in workgroup model Thus not scalable – keep to less than clients Can use peer to peer with no WS03 server Domain Central control of security via Active Directory authentication (global permissions database) Requires at least one server configured as a domain controller
10 Type of Server Roles Standalone server – user accounts only on that machine (workgroup model or in domain) Member server – of active directory domain Domain Controller server – contains user accounts and permissions for all the domain’s servers User has just one account for the domain and is given permission for all appropriate objects in the AD When a user logs in, DC authenticates by checking the AD database If more than one DC server, can replicate the active directory permissions database in case of failure of the DC
11 Managing with Workgroups All members of the workgroup must list the same workgroup name in their Computer Name property tab of System Properties dialog box (My Computer | Properties) In Administrative Tools, can use Local Users and Groups command to create/maintain users. In Active Directory, this command is grayed out and a separate one exists
12 Active Directory Overview Domain has a unique name Is organized in hierarchy fashion with organizational units (OUs) fashioned after the company’s own org chart Organizational Unit is a container that holds other objects in the domain Tree is a hierarchical collection of domains Forest is a collection of trees that do not share a contiguous DNS naming structure
13 What do I have? Go to Computer Name property tab of System Properties dialog box (My Computer | Properties) [see p. 10] It will state whether Workgroup or Domain If you have a workgroup server, it can be converted to a domain but it is complex and will take a while Best with >10 clients to use active directory and set up domains.
14 Computer Accounts On a workstation, must have administrator permission to view these Dilemma: do you give your users administrator status? This allows them to adjust things more effectively but they can also damage settings! To check local accounts … Right click My Computer and choose Manage or Click Start, then Administrative Tools, then Computer Management.
15 Local Users and Groups To view the Properties of a user or group, right click that name in the right pane and choose Properties Choose how often the password is changed Choose which groups this user is a member of Change the login profile file or default path To reset the password, right click the user and choose Set Password.
16 User Accounts in AD Click Start, Administrative Tools, Active Directory Users and Groups Choose domain Select the desired object group – Builtin, Computers, Domain Controllers, ForeignSecurityPrincipals, or Users Right click user or group and choose Properties Many more options are available here – more later…
17 Network Management and Maintenance Overview Five focus areas for a LAN admin: managing and maintaining: Physical and logical devices (mostly hardware) Users, computers, and groups (most common) Access to resources (sharing permissions) A server environment (configuring WS03) Disaster recovery (backup and restore, disaster planning)
18 MMC – Microsoft Management Console The window style used in Administrative Tools for most of the tools Can build a custom MMC with just the tools you use most often Click Start, Run, type MMC and click OK Use File | Add/Remove Snap-in command Click Add to choose tools … File | Save As and give name you want It will be saved in Administrative Tools and you can drag to desktop or in quick start menu list.
19 Active Directory Establishes domain security – a central point for storing and controlling network objects Single authentication point (although you can have other domain controllers for backup purposes) AD uses domain name service (DNS) to maintain structures: frank.net could be name of the domain Child domain is campus.frank.net (as prefix)
20 Active Directory Schema This is the definition of the objects and their security parameters Logical objects Domains and organizational units Trees and forests Global catalog
21 Domains and OUs Organizational unit – a logical container for organizing objects within a single domain Objects such as users, groups, computers, printers, and other OUs can be stored in an OU container May have multiple domains to make it easier to administer
22 Trees and Forest May have multiple domains within an enterprise (like 431 servers) Ex: divisions within the company where each has its own domain. They may be administered individually Might have different password policies between divisions Tree is the collection of domains that share a contiguous DNS naming structure Forest is a collection of trees that do not share a contiguous DNS naming structure Do not have to have multiple domains
23 Global Catalog An index and partial replica of objects and attributes that are used most often throughout the AD structure It is available to any server within the forest that is configured to be a global catalog server Enables users to find AD information from anywhere in the forest (names, address…) See p. 32 in chapter 1
24 Other AD Concepts If you have a server called database.frank.net, your workstation queries the DNS server to resolve its IP address. When you log on, your workstation queries DNS to find a domain controller to authenticate LDAP (lightweight directory access protocol) is used to query or update AD. Naming paths … Distinguished Name – every object has one Relative Distinguished Name – portion of the DN that uniquely identifies the object within the container.
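Added example (not part of the original slides): a small Python parser that splits a distinguished name into its relative distinguished names and recovers the OU path and the DNS domain name from the DC components. The user and OU names are constructed; campus.frank.net is the child domain named on slide 19.

```python
# Added example: break an Active Directory DN into RDNs.
# The sample DN below is constructed for illustration.

def split_dn(dn):
    """Split a DN on unescaped commas; a backslash escapes the next character."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)          # keep the escaped character as-is
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).lstrip())
    return [p for p in parts if p]


def describe_dn(dn):
    """Return the object's RDN, its parent container, OU path and DNS domain."""
    rdns = split_dn(dn)
    if not rdns or any("=" not in r for r in rdns):
        raise ValueError("not a valid DN: %r" % dn)
    pairs = [tuple(r.split("=", 1)) for r in rdns]
    return {
        # The leftmost RDN identifies the object within its container.
        "rdn": rdns[0],
        # Everything to the right is the DN of the container holding it.
        "parent": ",".join(rdns[1:]),
        "ous": [v for t, v in pairs if t.strip().upper() == "OU"],
        # DC components, read left to right, spell the DNS domain name.
        "domain": ".".join(v for t, v in pairs if t.strip().upper() == "DC"),
    }


SAMPLE_DN = "CN=Smith\\, Jane,OU=Sales,OU=Staff,DC=campus,DC=frank,DC=net"

if __name__ == "__main__":
    for key, value in describe_dn(SAMPLE_DN).items():
        print(key, "=", value)
```

The comma inside the CN value is escaped with a backslash, which is why a plain split on "," would miscount the RDNs.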