COMP2221 Networks in Organisations Richard Henson November 2012

Week 7: Windows Services… n Objectives:  Explain the mechanism for control of user and system settings on networked machines  Explain the role of the registry in desktop configuration, usability, and security  Explain the mechanisms typical TCP/IP-based network services  Use appropriate software tools for network services, system/network monitoring and troubleshooting

Rapid Boot-up with Windows 7 (1) n Huge improvements in time to logon screen…  32-bit colour animation appears at an early stage »driven by the CPU (& using Intel EFI) n graphics card not yet initiated …  meanwhile, operating system's kernel and critical device drivers are loading into memory in the background…

Rapid Boot-up with Windows 7 (2) n Early stage of boot process bound to i/o:  loading the kernel  device driver files  other system component files n Dimensions of the boot animation limited to a small region of the screen  avoids i/o delay loading animation images during the early stage of boot…

Rapid Boot-up with Windows 7 (3) n Changes to the boot “architecture”  Windows 7 animation happens as the process moves along »contrast with Vista, where the pear animation comes only after the boot sequence is complete…  fewer transitions in graphics mode during initialisation of the graphics subsystem and Windows shell »again, c.f. Vista, where screen flashes black a few times.. n Sound plays BEFORE user login starts…

BUT… n The user in an organisation then needs to log on…  endless loading of policy files…  subsequent configuration to accommodate settings into the local registry…

Policy Files: Controlling User and System Settings… n Arguably the most important part of a network manager’s job  get it right: happy users, happy managers  get it wrong: frustrated users, angry managers

Even at remote locations (!) n General principle of no access at all without logon… n Policies determine the desktops and services available when users logon right access the (enterprise) network

User/System Policy Settings  Different types of system? »different registry settings needed  System settings for computer may need to be changed for particular users »e.g. lower screen refresh rate required for epileptics

Groups and Group Policy n Convenient for users to be put into groups  Settings for group provides particular access to data & services n Problems…  user in wrong group(s)  group has wrong settings

Users and Convenience n Windows Networks provide storage space on Server for user data:  mandatory profiles »no storage for desktop settings all same desktop settings!  roaming profiles »desktop settings preserved on Server between user sessions n but takes extra space n and makes logon even longer!

The all-important Registry n Hierarchical store of system and user settings n Five basic subtrees:  HKEY_LOCAL_MACHINE : local computer info. Does not change no matter which user is logged on  HKEY_USERS : default user settings  HKEY_CURRENT_USER : current user settings  HKEY_CLASSES_ROOT : software config data  HKEY_CURRENT_CONFIG : “active” hardware profile n Each subtree contains one or more subkeys

Location… n C:\windows\system32\config n Six files (no extensions):  Software  System – hardware settings  Sam, Security »not viewable through regedt32  Default – default user  Sysdiff – HKEY USERS subkeys n Also: ntuser.dat file  user settings that override default user

Emergency Recovery if Registry is damaged n Backup registry files created during text- based part of windows installation  also stored in: »C:\windows\system32\config »distinguished by.sav suffix  only used to update registry if “R” option is chosen during a windows recovery/reinstall

Emergency Recovery if registry completely ruined… n Another NEVER UPDATED backup is saved to C:\windows\repair  contains no user and software settings  reboots back to the point: »“Windows is now setting up”

Backing up the Registry n Much forgotten…  can be copied to tape, USB stick CD/DVD, or disk  rarely more than 100 Mb n Two options;  Use third-party backup tool »e.g  Use windows “backup” »not recommended by experts! »already there & it does work! »when choosing backup options, “system state” should be selected

Editing “Live” Registry Settings n Registry data that is loaded into memory can also be overwritten by data:  from local profiles (ntconfig.pol)  downloaded across the network… n Contents should not be changed manually unless you really know what you are doing!!! n Special command line tool available for editing individual system settings:  REGEDT32

Policy Files n Collection of registry settings in a text file  downloaded from the domain controller during logon  settings depend on the user or group logging on n Can overwrite:  local machine registry settings  current user registry settings n Policies should therefore only be created and used by those who know what they are doing!!!

Group Policy Files n Local Computer (local policy)  read from local machine n Domain Controllers (domain policy)  downloaded across the network n Read by CPU on local machine during logon procedure  subsequently written to registry  control user desktop

The Redirector (OSI Level 5) n Client-server service n Provides file and print connectivity between computers  one end must be “server”  provides the service… serverclient may be logged on Server Provides service redirector requests service

Redirector (“Workstation” i.e. client-end) n Implemented as a file system driver  only called if local file system cannot find the file or service  sends request to active directory to locate the data object via Transport Driver Interface (TDI) »communicates directly with transport protocols »allows independence of networking components in OSI layers 2-4

Redirector (Workstation Service) n Adherence to OSI layers…  Can independently add or remove: »transport protocols (layers 3 & 4) »network cards (layers 1 & 2) without reconfiguring the whole system without reconfiguring the whole system n Completely transparent in redirection of i/o calls not serviced locally  esp. important when applications are being used

Server Service n Server end of redirector:  implemented as a file system driver  communicates with lower layers via TDI n Supplies the network connections requested by the client redirector n Receives requests via adapter card drivers, transport protocol (e.g. TCP/IP), and TDI

Running Client-Server Applications n Client process & server process provide a mechanism for:  pipes to link processes that need bi-directional communication  mailslots to link processes only requiring one- directional communication  running Winsock to manage the communication channel  RPCs (Remote Procedure Calls) allowing distributed applications to call procedures anywhere on the network

File and Print Sharing n Shared resource access requires use of  redirector  server service… n Multiple UNC Provider allows connection to a resource on any computer that supports UNC Universal Naming Convention) names  Files \\server\shared folder[\sub-folder]\filename) \\server\shared folder[\sub-folder]\filename\\server\shared folder[\sub-folder]\filename  Printers \\server\shared printer \\server\shared printer\\server\shared printer n Multiple Provider Router supports multiple redirectors

Network Binding n Binding is about linking network components working at different OSI levels together to enable communication n Windows binding is about linking the redirector & server service with the transport protocol and (via NDIS) adapter card drivers  happens automatically when: »there is a change of protocol, or protocol settings »different network adapter drivers are installed »existing adapter card settings are altered

WINS (Windows Internet Names Service) n Client-server protocol like DNS, DHCP  used on first Windows TCP/IP networks to enable computer devices to communicate using IP  manages a dynamic database of IP addresses and local network (NetBIOS) names  clients request IP addresses for particular NetBIOS names  WINS server provides that information n Historical, but NETBIOS names still used in some places

Terminal Services n Allows any PC running a version of Windows to remotely run a Windows server  uses a copy of the server’s desktop on the client machine n Client tools must be installed first, but the link can run with very little bandwidth  possible to remotely manage a server thousands of miles away using a phone connection…

More about the www service n Provided by Microsoft’s Web Server (IIS)  links to TCP port 80  can also provide: »ftp service (port 21) »smtp service (port 25) n Purpose of www service:  Works with http protocol make html pages available: »across the network as an Intranet »across trusted external users/domains as an Extranet

Features of IIS n Provides server end program execution environment:  runs server-scripts n Sets up its own directory structure on the Server for developing Intranets, Extranets, etc. n Sets up communication via TCP port 80 in response to client request n Client end:  browser HTML display environment on client

“Static” web page service client (browser) requests information (HTML page) server (IIS, web server) processes the request, sends HTML page back to the client…

More Features of IIS n Access to any client-server service can be restricted using username/password security at the server end  or could bypass security with “anonymous login »uses a “guest” account – access granted only to files that make up the Intranet »prevents worries about hacking in through guessing passwords of existing users

Client-Server Web Applications n Associated with “dynamic” web pages n Web servers provides a server-side environment that can allow browser data to query remote online databases using SQL…  processing takes place at the server end  centralised and secure! n Some recent challenges to client-server applications  apps using local processing, even storage (!)  again…issue of availability v security

Troubleshooting Resources n Task Manager  Applications tab just gives the name and status of each application that is loaded into memory  Processes tab: »all system processes »Memory usage of each »% CPU time for each »Total CPU time since boot up  Performance tab »Total no. of threads, processes, handles running »% CPU usage n Kernel mode n User mode »Physical memory available/usage »Virtual memory available/usage

Troubleshooting Resources n Event viewer  System events recorded into “event log” files »Three by default: system, auditing, application »customisable  Three types of events: »Information »Warning »Error  More information for each event obtained by double-clicking  Event management also required… »E.g. new files daily, old ones archived? dumped? when? »how often to check event files? »Important to detect security issues and potential failures

Troubleshooting Resources n System Monitor (perfmon.msc)  monitor many aspects of system performance  e.g. capture, filter, or analyses frames or packets sent over the network, or capture data from hardware devices »either display current data graphically, in real-time »or log data at regular intervals to get a longer term picture  Alerts »notify when a particular threshold value has been reached n System Recovery…  If a fatal error occurs: »immediate dump of system memory is made n can be used for identifying the cause of the problem »alerts are sent to users »system is restarted automatically