COMP2221 Networks in Organisations Richard Henson February 2012.


1 COMP2221 Networks in Organisations Richard Henson February 2012

2 Week 5: The Windows Registry, Availability, Integrity & Security
- Objectives:
  - Explain why user and system settings need to be controlled on networked machines
  - Explain the role of the registry in Windows desktop and network configuration, user settings, and security
  - Select appropriate software tools for backup and fault tolerance

3 Platforms for Operating Systems
- Continuing from last week…
- With Windows 2000 Server…
  - Intel platform survived threats from RISC architecture…
  - 64-bit Alpha platform never that popular
  - rights to Alpha chip bought by Intel
- With XP…
  - Alpha platform option never even offered!

4 Platforms at Client-end and Server-end
- Soon afterwards… Windows became 64-bit on an Intel platform:
  - on server motherboards
    - Windows 2003 onwards
  - on workstations (Vista)
- Due to Microsoft’s disastrous (mis)launch of Vista…
  - Apple client platform had a chance to emerge and develop a good range of apps
  - ensured success of i-player & i-phone

5 Windows 2003 Server
- Main difference at kernel level:
  - 64-bit option
  - 32-bit kernel unchanged…
- Noteworthy extra functional enhancements:
  - GDI+ interface
  - Enhanced Active Directory
  - Group Policy Management Console

6 BIOS Developments
- Earlier motherboards had a single chip containing the BIOS on ROM and a writeable CMOS area
  - the command line interface invoked was 16-bit
- More recent motherboards use EFI (Extensible Firmware Interface)
  - uses a 32-bit command line
  - only really exploited with Windows 7 and 2008 Server…

7 More about booting to an Intel platform
- BIOS should “point” to selected medium that contains a “boot loader” program
  - contains “master boot record” (MBR)
  - points to the boot partition containing the operating system
- Different media prepared in different ways
  - hard disk still the conventional boot medium
    - number of partitions, so potential choice of bootable media
  - CDs & USBs only have one partition

8 Partitions, Hard Disks and Multiple Operating Systems
- MBR must be on the first (C:) partition
- Possible to have different operating systems on the same hard disk…
  - varieties of Windows
  - varieties of Unix…
- BUT…
  - Master Boot Record systems different on Unix and Windows
  - still possible to have ONE Unix partition…

9 Logon
- Once the operating system has been loaded…
  - user logon screen presented
- Rapid local boot is fine…
  - but most organisational computers are on networks…
    - why?
  - why does network logon take so long?

10 “Policies”: Controlling User and System Settings
- The Windows user’s desktop is controlled with policies
  - user policies
  - system policies
- Configuring and using policies: an essential part of any network administrator’s job!
  - could be 100s or 1000s of systems & users

11 Storage of User/System Settings: Windows Registry
- Early Windows extended DOS text files of system & user settings:
  - SYSTEM.INI enhanced CONFIG.SYS
  - WIN.INI enhanced AUTOEXEC.BAT
- Windows 95 created a two-dimensional structure… known as The Registry
  - principles later extended in Windows NT v4 to allow system and user settings to be downloaded to the local registry across the network

12 Viewing/Editing the Registry
- REGEDT32 from command prompt…
  - look but don’t touch!
  - contents should not be changed manually unless you really know what you are doing!!!
- Registry data that is loaded into memory can also be overwritten by data:
  - from local profiles
  - downloaded across the network…

13 System Settings
- For configuration of hardware and software
  - different types of system need different settings
  - system settings for a given computer may need to be changed for particular users, e.g. to change the screen refresh rate for epileptics

14 User Settings
- More a matter of convenience for the user
  - mandatory profiles
    - users all get the same desktop settings!
    - anything added is lost during logoff!
  - roaming profiles: desktop settings preserved between user sessions
    - saved across the network…

15 What is The Registry?
- A hierarchical store of system and user settings
- Five basic subtrees:
  - HKEY_LOCAL_MACHINE: local computer info; does not change no matter which user is logged on
  - HKEY_USERS: default user settings
  - HKEY_CURRENT_USER: current user settings
  - HKEY_CLASSES_ROOT: software config data
  - HKEY_CURRENT_CONFIG: “active” hardware profile
- Each subtree contains one or more subkeys…

16 Location of the Windows Registry
- In XP…
  - c:\windows\system32\config folder
- Six files (no extensions):
  - Software
  - System: hardware settings
  - Sam, Security
    - not viewable through regedt32
  - Default: default user
  - Sysdiff: HKEY_USERS subkeys
  - Also to be considered: ntuser.dat
    - user settings that override default user

17 Emergency Recovery if Registry lost or badly damaged
- Backup registry files created during text-based part of Windows installation
  - also stored in:
    - c:\windows\system32\config
    - have .sav suffix
  - only updated if “R” option is chosen during a Windows recovery/reinstall
- NEVER UPDATED backup is saved to
  - C:\windows\repair folder
  - no user and software settings
  - reboots back to “Windows is now setting up”

18 Backing up the Registry
- Much forgotten… an oversight that may later be much regretted!!!
  - can copy to tape, USB stick, CD/DVD, or disk
  - rarely more than 100 Mb
- Two options:
  - Use third-party backup tool
    - e.g. http://www.acronis.co.uk
  - Use Windows “backup”
    - not recommended by experts!
    - but already there & does work!
    - to copy the registry if this tool is chosen, a “system state” backup option should be selected
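The following script is an added example for slides 15 to 18 and is not part of the lecture slides. It shows how the registry subtrees map onto hive files on disk (the kernel keeps that mapping under HKLM\SYSTEM\CurrentControlSet\Control\hivelist), then takes a dated copy of the SOFTWARE, SYSTEM and default-user hives with reg.exe save and records a SHA-256 hash of each copy, so a restore can later tell whether the backup is intact. It assumes an elevated (local administrator) PowerShell session on PowerShell 4 or later; the folder name and hash-list file name are choices made for this example. SAM and SECURITY are deliberately left to the "system state" backup the slide mentions.

```powershell
# Added example (not from the lecture): map loaded hives to their files, then copy
# the main hives to a dated folder and record their hashes.
# Requires an elevated (local administrator) PowerShell 4+ session.

# Windows records the file behind every loaded hive under the hivelist key.
# Property names look like \REGISTRY\MACHINE\SOFTWARE; values are kernel device
# paths such as \Device\HarddiskVolume2\Windows\System32\config\SOFTWARE.
$hiveList = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'
$hiveList.PSObject.Properties |
    Where-Object { $_.Name -like '\REGISTRY\*' } |
    ForEach-Object { [pscustomobject]@{ Hive = $_.Name; File = $_.Value } } |
    Format-Table -AutoSize

# Copy the SOFTWARE, SYSTEM and default-user hives while they are loaded.
# reg.exe save writes a binary hive file that reg.exe restore can load again.
# Folder name is a choice made for this example.
$backupDir = Join-Path $env:SystemDrive ('RegBackup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $backupDir | Out-Null

foreach ($hive in 'HKLM\SOFTWARE', 'HKLM\SYSTEM', 'HKU\.DEFAULT') {
    # Turn "HKLM\SOFTWARE" into "HKLM_SOFTWARE.hiv" so every hive gets its own file.
    $target = Join-Path $backupDir (($hive -replace '[\\.]', '_') + '.hiv')
    reg.exe save $hive $target /y | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Saving $hive failed (exit code $LASTEXITCODE)" }
}

# A hash list lets a later restore confirm the copy was not altered in storage or transit.
Get-ChildItem -Path $backupDir -Filter '*.hiv' |
    Get-FileHash -Algorithm SHA256 |
    Select-Object @{ Name = 'File'; Expression = { Split-Path -Leaf $_.Path } }, Hash |
    Export-Csv -Path (Join-Path $backupDir 'hashes.csv') -NoTypeInformation

"Registry copy written to $backupDir"
```

Keep the copy off the machine it was taken from (the slide's tape, USB or CD/DVD), since a registry backup left on the same disk is lost with the disk.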

19 System Policy File
- A collection of registry settings downloaded from the domain controller during logon
- Can apply different system settings to a computer, depending on the user or group logging on
- Can overwrite:
  - local machine registry settings
  - current user registry settings
- Should therefore only be used by those who know what they are doing!!!

20 System Policy File
- Saved as NTCONFIG.POL
- Normally held on Domain Controllers
  - read by local machine during logon procedure
  - provides desktop settings, and therefore used to control aspects of appearance of the desktop
- Different NTCONFIG.POL settings can be applied according to:
  - User
  - Group
  - Computer
- Users with roaming profiles additionally save desktop settings to their profile folders

21 Active Directory
- Microsoft equivalent of Novell’s NDS (Network Directory Structure)
  - An LDAP network-wide directory service for providing paths to files and services
- Available from Windows 2000 onwards
  - of limited use on networks with NT v4 clients
- All domain controllers contribute to, share, and are part of the Active Directory system
  - data on network resources, services & users all stored in a single file
    - ntds.dit
  - tools available for AD system management
    - e.g. ntdsutil

22 What is Active Directory?
- An object-oriented database (Internet-approved X.500 standard)
  - a hierarchy of data objects (& their properties)
    - domain controllers
    - computers
    - users & groups of users
    - network resources

23 Backing up the Database
- Goes without saying that the loss of Active Directory will be bad for the network
  - people won’t even be able to log on!
- Should be backed up… regularly!
- Best way to do this is on another computer…

24 Fault Tolerance
- General engineering principle…
  - if it can go wrong… it will!
- To maintain availability for users, the whole domain controller should be backed up!
  - Active Directory designed as a distributed database that backs up to a reserve domain controller
  - Backup domain controller software set up using the same Active Directory wizard

25 Fault Tolerance (hardware fault)
- E.g. hard disks
  - can crash or become corrupt
- System needed for a backup to take over “seamlessly”
  - i.e. without the user noticing…
- Achieved by disk mirroring
  - exact copy available to take over at a moment’s notice

26 Domain Trust
- This allows users on one domain to log onto resources on another domain
- Trusts can be one- or two-way
  (diagram: Domain A and Domain B)

27 Enterprise Structure of Active Directory
- A hierarchical system of organisational data objects
  - i.e. domains
- A Tree can be
  - a single domain
  - a group of domains

28 Domain Trees & Forests
- Active Directory provides “trust” between the databases of domains that are linked in this way
- A “Tree” is the domains and links between them
- A “Forest” contains data needed to connect all objects in the tree:
  - domain objects in the tree are logically linked together in the forest and their users can “trust” each other

29 Active Directory and Users
- Active Directory allows set-up and management of domain users
- Can also define domain groups, and allow domain users to become part of domain groups
  - aids administration
  - policy file can be set up
    - interacts with user machine’s registry during login
    - controls user desktop

30 Organisations, Organisational Units, and Domains
- An organisation may:
  - have several locations
  - have several functions in the same location
- Alternative to multiple domains…
  - organisational units
  - group policy can be applied selectively

31 WINS (Windows Internet Names Service)
- Used on earlier Windows TCP/IP networks to enable computer devices to communicate using IP
  - manages a dynamic database of IP addresses and local network (NetBIOS) names
  - clients request IP addresses for particular NetBIOS names
  - WINS server provides that information

32 Active Directory and DNS
- In Active Directory, each domain in the tree has a unique DNS identity
  - therefore a unique IP address…
  - can cause confusion when setting up domain structure!!
- Also, each device within a domain can make use of DNS, via its IP address…
  - no need for WINS…

33 Microsoft TCP/IP stack
- Differs from UNIX TCP/IP (e.g. no FTP, SMTP or Telnet)
- DNS is available as a network service
- Application layer components:
  - Windows Sockets: to interface with sockets-based applications
  - NetBT: to interface with NetBIOS applications
- SNMP, TCP, UDP, IP as with Unix protocol stack

34 Configuring TCP/IP on Windows
- Requires local administrator access!!
  1. Find “Local Area Connection”:
     - either through Control Panel / Network & Dial-up Connections
     - or by right-clicking on Network Places and choosing Properties
  2. Right-click on Local Area Connection
  3. Click on “Properties”

35 TCP/IP Configuration (2)
- Locate and double-click TCP/IP
- If DHCP (Dynamic Host Configuration Protocol) is running, IP addressing is dealt with automatically by the DHCP server
- Otherwise, three IP addresses need to be added:
  - Local static machine IP address
  - Subnet mask
  - Default gateway

36 TCP/IP Configuration (3)
- Local machine IP address
  - DHCP protocol can automatically assign IP addresses from a Windows 2000 server machine running DHCP server
  - Alternatively, a static IP address can be keyed in manually
- Subnet mask:
  - normally 255.255.255.0 for small networks
  - 255.255.x.0 for larger networks
    - x -> 0 as the network gets larger
- Default gateway is the IP address of the LAN-Internet interface computer…
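The script below is an added example for slides 35 and 36, not code from the lecture. It works the slide's subnet-mask rule through for several network sizes (deriving the dotted-decimal mask from a prefix length and counting the usable hosts, which is how "x -> 0 as the network gets larger" comes about) and adds the check an administrator wants before keying in static settings: that the machine address and the default gateway fall in the same subnet under the chosen mask. The function names and the sample addresses are constructed for this example; it runs on any Windows PowerShell or PowerShell 7 without administrator rights.

```powershell
# Added example (not from the lecture): subnet masks, host counts, and a
# consistency check for a static IP address / mask / default gateway triple.

function ConvertTo-SubnetMask {
    param([ValidateRange(0, 32)][int]$PrefixLength)
    # Each octet takes as many leading one-bits as the prefix still has left for it,
    # so /24 gives 255.255.255.0 and /16 gives 255.255.0.0.
    $octets = foreach ($i in 0..3) {
        $onesInOctet = [Math]::Max(0, [Math]::Min(8, $PrefixLength - 8 * $i))
        [int](256 - [Math]::Pow(2, 8 - $onesInOctet))
    }
    $octets -join '.'
}

function Get-UsableHostCount {
    param([ValidateRange(0, 32)][int]$PrefixLength)
    # The network and broadcast addresses cannot be assigned to hosts.
    [Math]::Max(0, [Math]::Pow(2, 32 - $PrefixLength) - 2)
}

function ConvertTo-AddressNumber {
    param([string]$Address)
    # Turn a dotted-decimal IPv4 address into one integer so a mask can be applied with -band.
    $value = 0L
    foreach ($byte in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $value = $value * 256 + $byte
    }
    $value
}

function Test-SameSubnet {
    param([string]$Address, [string]$Mask, [string]$Gateway)
    # Host and gateway must agree on the network part, or traffic for other networks never leaves the LAN.
    # Parentheses matter: in PowerShell -eq binds tighter than -band.
    $m = ConvertTo-AddressNumber $Mask
    ((ConvertTo-AddressNumber $Address) -band $m) -eq ((ConvertTo-AddressNumber $Gateway) -band $m)
}

# The slide's rule of thumb: the third octet drops towards 0 as the network grows.
foreach ($prefix in 24, 22, 20, 16) {
    '{0,-16} /{1,-3} usable hosts: {2}' -f (ConvertTo-SubnetMask $prefix), $prefix, (Get-UsableHostCount $prefix)
}

# Constructed sample values: the first address/gateway pair is consistent, the second is not.
Test-SameSubnet -Address '192.168.1.10' -Mask '255.255.255.0' -Gateway '192.168.1.1'
Test-SameSubnet -Address '192.168.1.10' -Mask '255.255.255.0' -Gateway '192.168.2.1'
```

A gateway outside the host's subnet is the classic static-configuration mistake: the adapter comes up, local traffic works, and everything beyond the LAN silently fails, so the check is worth running before the settings are typed into the dialog the previous slides describe.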

37 Windows TCP/IP utilities
- Located in the system32 directory
- Not available from the GUI
- Only accessible via the NT prompt:
  - Ping (packet internet groper)
  - FTP
  - Telnet
  - Finger (retrieval of system information from a computer running TCP/IP & finger)
  - ARP (displays local IP addresses according to equivalent MAC or “physical” addresses)
  - ipconfig (displays local IP configuration)
  - tracert (checks route to a remote IP address)

38 Terminal Services
- Allows any PC running a version of Windows to remotely run an NT series server
  - uses a copy of the server’s desktop on the client machine
- Client tools must be installed first, but the link can run with very little bandwidth
  - possible to remotely manage a server thousands of miles away using a phone connection…

39 Remote Access Service
- RAS also allows access to an NT network through routes such as:
  - PSTN
  - X.25
  - ISDN
- Uses Point-to-Point Protocol (PPP)
  - remember that?
- Also supports use of PPP Multilink protocol, which allows a combination of communications links and multiple links to be used

40 Remote Access Service
- Also provides capability for VPNs (Virtual Private Networks) using secure Internet access
  - using PPTP (Point-to-Point Tunnelling Protocol)
- Standard username/password authentication still required for all remote logins
- Can be used as a gateway for NetBIOS names or (using IPX) to remotely gain access to Novell NetWare services

41 RAS & Secure Remote Login
- To log in remotely, user must have a valid username/password and RAS dial-in permission
- RAS can use “call back” security:
  - Server receives a remote request for access
  - Server makes a note of the telephone number
  - Server calls the remote client back, guaranteeing that the connection is made from a trusted site
- Login information is encrypted by default
- All remote connections can be audited

42 Internet Information Server (IIS)
- Microsoft’s Web Server
  - can also provide FTP or SMTP publishing service
- Purpose:
  - make HTML pages available:
    - as a local WWW service
    - across the network as an Intranet
    - across trusted external users/domains as an Extranet
  - run server scripts in communication with client browsers
- Sets up its own directory structure for developing Intranets, Extranets, etc.
- Access to any IIS service can be restricted using username/password security

43 IIS (2)
- Can allow anonymous remote login:
  - Uses a “guest” account: access only to files that make up the Intranet
  - Anonymous login prevents trying to hack in through guessing passwords of existing users
- Provides the software connectivity for a server-side interface that can connect client-server Internet applications such as ASPs (Active Server Pages) to online databases
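The script below is an added example for slide 43 and is not part of the lecture. The slide's point is that the anonymous "guest" identity should reach only the files that make up the intranet, so the script reads the anonymous-authentication settings of one IIS site through the WebAdministration module, works out which Windows account anonymous requests run as (the configured userName, or the application pool identity when none is set), and then lists every ACL entry on the content folder held by that account or by the IIS_IUSRS group, flagging any that grants write or delete rights. The site name "Intranet" and its content folder are assumed for the example; the script needs an administrator session on a server with IIS and the WebAdministration module installed.

```powershell
# Added example (not from the lecture): review anonymous access on one IIS site and
# confirm the anonymous identity holds read-only rights on the site's content.
Import-Module WebAdministration

$siteName    = 'Intranet'              # assumed site name
$contentPath = 'C:\inetpub\Intranet'   # assumed content folder
$sitePath    = "IIS:\Sites\$siteName"

# Anonymous authentication settings live in the site's authentication section.
$anon = Get-WebConfiguration -Filter '/system.webServer/security/authentication/anonymousAuthentication' -PSPath $sitePath

# An empty userName means anonymous requests run as the application pool identity.
$identity = if ($anon.userName) { $anon.userName } else { 'IIS AppPool\' + (Get-Item $sitePath).applicationPool }
"Anonymous access : $($anon.enabled)"
"Anonymous runs as: $identity"

# Accounts to inspect: the anonymous identity itself plus IIS_IUSRS, which worker processes belong to.
$watched   = @($identity.Split('\')[-1], 'IIS_IUSRS')
$writeBits = [System.Security.AccessControl.FileSystemRights]::Write -bor [System.Security.AccessControl.FileSystemRights]::Delete

foreach ($ace in (Get-Acl -Path $contentPath).Access) {
    $account = $ace.IdentityReference.Value.Split('\')[-1]
    if ($watched -notcontains $account) { continue }
    # Read-only is what the slide describes; anything granting write or delete deserves a second look.
    $grantsWrite = ($ace.AccessControlType -eq 'Allow') -and (($ace.FileSystemRights -band $writeBits) -ne 0)
    $verdict = if ($grantsWrite) { 'grants write or delete: review' } else { 'read-only: ok' }
    '{0,-28} {1,-40} {2}' -f $ace.IdentityReference, $ace.FileSystemRights, $verdict
}
```

If the loop prints nothing, the anonymous identity has no explicit entry on the folder and is getting its access through some other group (often BUILTIN\Users); that inherited path is worth tracing as well, since it decides what an unauthenticated browser can read.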

