Windows 2000 Basics

Larry Passo, MCSE+I, MCT, CCNA, CCDA

Kevin Orbaker, MCSE, MCT

Windows 2000 Versions
  • Windows 2000 Professional
  • Windows 2000 Server
  • Windows 2000 Advanced Server
  • Windows 2000 Datacenter Server
Windows 2000 Professional
  • Up to 2 processors
  • Up to 4GB RAM
  • Upgrade from 9x or NT 3.51/4.0 Workstation
  • Desktop performance
Windows 2000 Server
  • Up to 4 processors
  • Up to 4GB RAM
  • Active Directory
  • Terminal Services
Windows 2000 Advanced Server
  • Up to 8 processors
  • Up to 8GB RAM
  • Network Balancing
  • Load Balancing
  • Clustering
Windows 2000 Datacenter Server
  • Up to 32 processors
  • Up to 64GB RAM
  • OLTP (OnLine Transaction Processing)
  • OEM Versions Only
New Features
  • Plug and Play
  • Increased hardware support
  • Offline folders
  • Synchronization manager
  • IE 5.0
New Features
  • ACPI power management
  • FAT32 support
  • Hard Disk Defrag Utility
Security Features
  • Kerberos v5
  • Encrypting File System (EFS)
  • IPSec
  • Smart Card support
  • Secondary logon service (Run As)
  • RADIUS (Remote Authentication Dial-In User Service)
Radius Terminology
  • Dialup clients
  • Radius clients
    • RAS
    • NAS
  • Radius servers
Management Features
  • Nested Like Groups (Native Mode Only)
  • MMC
  • Group Policies
  • Windows Scripting Host (WSH)
Management Features
  • Remote Installation Services
  • Remote Storage (automatic archiving)
  • Terminal Server
    • administrative installation
    • application installation
File Features
  • Distributed File System (Dfs)
  • Disk Quotas
  • Volume mount points
  • NTFS v5
    • Inheritable permissions
Active Directory (AD)
  • Directory
  • Directory Service
Namespace
  • A group of names defined according to a common naming method
    • NetBIOS
      • 15 Characters
      • Letters/Numbers/Special
Hierarchical Namespace
  • A multi-level namespace with rules that allow the namespace to be partitioned.
    • DNS
Domain
  • A security boundary
  • A replication boundary
  • A logical concept
Tree
  • One or more domains
  • Contiguous hierarchical namespace
Forest
  • One or more trees
  • Non-contiguous namespace
Organizational Unit (OU)
  • A collection of objects in a domain that share common administration
  • Different OUs in the same domain may have different administrators
  • Have hierarchical structure
Site
  • One or more well-connected IP subnets
  • Relates physical WAN infrastructure to logical domain structure
  • Fast and reliable
Object
  • Distinct named set of attributes
    • User
    • Printer
    • File
Schema
  • Defines the structure of Active Directory
    • Object class
    • Attributes
  • Can be extended
Distinguished Name
  • The absolute address of an object
  • CN=JamesSmith,CN=Users,DC=Microsoft,DC=com
  • The JamesSmith user account in the domain
Relative Distinguished Name
  • The address of an object relative to any specific place in a forest
  • CN=JamesSmith,CN=Users
  • A user account that is located in the current domain
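As an added illustration of the two slides above (not code from the presentation), this parser splits a distinguished name into its RDN components, derives the domain's DNS name from the DC= parts, and computes the address of an object relative to a container. Escaping follows RFC 2253; the sample DNs are constructed.

```python
# Added example: LDAP distinguished name handling for the DN/RDN slides.
# Parsing follows RFC 2253 (a backslash escapes ',' and '=' inside a value);
# the DNs used below are constructed for illustration.

def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped character: keep both
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def parse_dn(dn):
    """Return (attribute, value) tuples, most specific (leftmost) first."""
    out = []
    for rdn in split_dn(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError("RDN without '=': %r" % rdn)
        out.append((attr.strip().upper(), value.strip()))
    return out

def domain_dns_name(dn):
    """Join the DC= components, in order, into the domain's DNS name."""
    return ".".join(v for a, v in parse_dn(dn) if a == "DC")

def _norm(pairs):
    # DN comparison in AD is case-insensitive, so normalise before comparing.
    return [(a, v.lower()) for a, v in pairs]

def relative_to(dn, container_dn):
    """Address of `dn` relative to `container_dn`, or None if not inside it."""
    obj, cont = parse_dn(dn), parse_dn(container_dn)
    if len(obj) <= len(cont) or _norm(obj[-len(cont):]) != _norm(cont):
        return None
    return ",".join("%s=%s" % (a, v) for a, v in obj[:-len(cont)])
```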
Domain Controller (DC)
  • Windows 2000 Server with AD
  • Contains information about all the objects in a domain
  • No more PDCs or BDCs
Global Catalog
  • A partial replica of every domain in AD (entire forest)
  • Knowledge of the existence of all objects but not all of the attributes of those objects
  • Global Catalog servers are also DCs
Group Types
  • Security Groups
  • Distribution Groups
Security Groups
  • Domain Local Group
  • Domain Global Group
  • Universal Group (native mode only)
  • Like groups may be nested in native mode
Lightweight Directory Access Protocol (LDAP)
  • A protocol used to access AD
  • The preferred access protocol
  • A simplified version of DAP from X.500
Changes to domain model
  • DNS and TCP/IP are now mandatory
  • Automatic, two-way, transitive trusts
  • Hierarchical
Delegate Management
  • Use OUs within a domain to delegate administrative control over objects
    • Users
    • Printers
    • Computers
  • OUs can take the place of multiple domains
Delegate Management

Accounting OU contains Printers located in accounting.

Accountant Joe is delegated printer management.

Extending Schema
  • New types of objects and/or attributes can be created
  • Existing objects can be extended to include new attributes
  • Exchange 2000 extends AD
    • Forestprep
    • Setup
Testing Environment
  • Build it to your needs
    • Domain Model
    • Simulate site speeds
  • Global Catalog Servers
    • Replication traffic vs. Authentication traffic
Implementation and Migration Planning
  • Determine your migration path
    • In place upgrade vs. Parallel migration
  • Software validation
  • DNS naming definitions
Justification to Management
  • Why should you implement today?
    • Decrease TCO
    • Eliminate most reboots
    • Increased uptime
  • Shrinking Support for NT 4.0
Mixed Mode
  • Default configuration
  • Supports NT BDCs
  • All DCs support Win9x/NT authentication
  • More Overhead
Native Mode
  • No support for NT 4.0 BDCs
  • Allows for legacy member servers and desktops
  • Increases functionality
    • Speed, Universal Groups, nesting of like groups
  • Conversion to native is one way
OU Design
  • OUs are defined within domains
  • Reflects organizational divisions
  • Designed to make logical organizations of the business model
  • Consider the implications of:
    • Inheritance of Group Policy
    • Inheritance of Security
  • OUs typically change from domain to domain
Example OU Design

Domain Design
  • Single domain
  • Tree
  • Forest
Single Domain Advantages
  • Simple to implement
  • Effective for large and small organizations
  • Delegate administration with OUs
  • No trusts required
  • Can move objects between OUs
Single Domain Disadvantages
  • Can’t limit replication traffic
  • Single security policy
Multiple Domain

Multiple Domain Advantage
  • Unlimited scalability
  • Two-way transitive trusts
  • Can divide administration across domains and OUs
  • Multiple security policies
Multiple Domain Disadvantage
  • Increased complexity
  • Increased GC replication traffic
  • Cannot easily move objects between domains
    • Requires third-party solutions

Forest Guidelines
  • Don’t create multiple trees without a solid business reason
  • If a company is diverse, multiple trees may be the best model
Forest Advantages
  • Noncontiguous namespace
    • Acquiring a new company
    • Planning for splitting a company
Forest Disadvantage
  • Noncontiguous namespace
  • Increased GC replication traffic
  • Increased management complexity!
Intrasite Replication
  • Frequent
  • Uncompressed
  • Can’t be scheduled
  • RPC Only
Intersite Replication
  • Compressed
  • Scheduled
  • RPC or SMTP
Global Catalog Server
  • Determine authentication and replication needs
  • Replicating extended information
    • Which extended attributes should be included
  • Requires additional memory
Global Catalog Server – Logon
  • Client machine contacts the cached domain controller (DC)
  • DC looks at the IP address of client machine
  • If the client is not on the local subnet, the DC checks the GC to see if there is a DC more local to the client
  • Client notified if the cached DC isn’t the closest DC
  • Avoids WAN traffic when possible
Operations Masters
  • Schema master
  • Domain naming master
  • RID master
  • PDC Emulator
  • Infrastructure master
Schema master
  • One per forest
  • Controls all updates and changes to the schema
Domain Naming Master
  • One per forest
  • Controls addition or removal of domains from the forest
RID Master
  • One per domain
  • Allocates sequences of RIDs to the DCs in a domain
PDC Emulator
  • One per domain
  • Sends updates to BDCs
  • Receives preferential replication of password changes from DCs
    • What if replication hasn’t been received yet?
Infrastructure master
  • One per domain
  • Updates group-to-user references when group memberships change
  • Should not be a GC
  • FSMO Management
DNS Primer
  • A zone is a subtree of the DNS tree
    • Administered separately
    • Common zone is second level (
    • Zones can be divided into sub zones
    • A name server can manage one or more zones
DNS Primer
  • Domain or Zone?
    • “microsoft” is the zone
    • “” is the domain
DNS Primer
  • Internet is one name space (.)
    • Drive root (\)
  • Top Level Domains (TLD)
    • .com, .net, .org, .mil
  • Second Level Domains
  • Fully Qualified Domain Name (FQDN)
DNS Primer
  • The directory is the zone file
  • The directory service resolves a FQDN to an IP address in the directory
  • Single master replication of directory
  • MSDNS is fully RFC compliant
DNS Server Types
  • Three server types
    • Primary
      • Hosts zone information
      • Only one per zone
    • Secondary
      • Obtains database via zone transfer
      • One or more per zone
    • Caching only
DNS Naming
  • Use Internet-standard characters
    • “A”-“Z”, “a”-“z”, “0”-“9”, and “-” (RFC 1123)
    • Microsoft DNS supports wider range
  • Users not exposed to domain names
    • E-mail style login name doesn’t have to be related to domain name
    • Most interaction is query to global catalog
  • Admins exposed to domain names
DNS Locater Service
  • Domain controllers dynamically register Service Location records
    • SRV resource record (RFC 2052)
    • Maps (service) --> (hosts offering service)
    • General rendezvous mechanism
    • Analogous to SMTP and the MX record
  • NETLOGON service sends updates
    • Dynamic update protocol (RFC 2136)
DNS Locater Records
  • SRV records are named like
    • ldap.tcp.<domain name>.
    • i.e.
    • More like that, all ending in <domain name>
  • DNS server that owns <domain name>
    • MUST support the SRV record
    • SHOULD support dynamic update
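An added example (not from the presentation) of the locator mechanism described above: a client builds the SRV owner name for its domain, asks for the site-specific record set first and the domain-wide set as a fallback, then orders the answers by priority and weight as RFC 2782 prescribes. The record data is constructed; the `_ldap._tcp.<site>._sites.dc._msdcs.<domain>` and `_ldap._tcp.dc._msdcs.<domain>` names are the underscore form Windows 2000 registers rather than the RFC 2052 spelling shown on the slide.

```python
# Added example: DC location via SRV records (RFC 2052/2782 semantics).
import random

# Constructed zone data: SRV owner name -> list of (priority, weight, port, target).
SRV_RECORDS = {
    "_ldap._tcp.dc._msdcs.example.com.": [
        (0, 100, 389, "dc1.example.com."),
        (0, 100, 389, "dc2.example.com."),
        (10, 0, 389, "dc3.branch.example.com."),     # backup: used only if prio 0 fails
    ],
    "_ldap._tcp.Branch._sites.dc._msdcs.example.com.": [
        (0, 100, 389, "dc3.branch.example.com."),
    ],
}

def srv_name(service, domain, site=None):
    """Build the DC-locator SRV owner name, site-specific when a site is given."""
    if site:
        return "_%s._tcp.%s._sites.dc._msdcs.%s." % (service, site, domain)
    return "_%s._tcp.dc._msdcs.%s." % (service, domain)

def order_srv(rrset, rng=random.random):
    """Order (target, port) per RFC 2782: lowest priority first, then weighted random."""
    ordered = []
    for prio in sorted({r[0] for r in rrset}):
        pool = [r for r in rrset if r[0] == prio]
        while pool:
            pick = rng() * sum(r[1] for r in pool)   # 0 when all weights are zero
            for r in pool:
                pick -= r[1]
                if pick <= 0 or r is pool[-1]:
                    ordered.append((r[3], r[2]))
                    pool.remove(r)
                    break
    return ordered

def locate_dc(domain, site=None, records=SRV_RECORDS, rng=random.random):
    """Query the site-specific record set first, then the domain-wide one."""
    names = [srv_name("ldap", domain, site)] if site else []
    names.append(srv_name("ldap", domain))
    for name in names:
        rrset = records.get(name)
        if rrset:
            return name, order_srv(rrset, rng)
    return None, []
```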
DNS Requirements for AD
  • Must support SRV records (RFC 2052)
    • BIND 8.1.1
  • Should support DDNS (RFC 2136)
    • Windows 2000 DNS
    • BIND v8.1.2
AD and DNS
  • AD integration (optional)
    • Single replication topology
    • Per-property replication
    • Secure replication
    • Multi-master replication
    • Simplified management
    • Support for non Win2K DNS servers
    • ACL-maintained authority control
DNS Models
Single zone
  • internal
  • external
Dual Zone
  • internal
  • external
Zone requirements
  • “”“”“”“”
DNS Name Registration
  • DDNS registration process
    • SOA query
    • SOA response
    • Assertion update
DNS Name Registration
  • DNS registration process
    • Win2K Client / Win2K DHCP Server
      • Client DHCP service is responsible
      • Client updates the A RR
      • DHCP server updates the PTR RR
    • Win2K Client / NT4 DHCP Server
      • Client updates the A and PTR RRs
New Features of Windows 2000 DNS
  • DNS registration process
    • NT4 Client / Win2K DHCP Server
      • DHCP server updates the A and PTR RRs
    • Win2K Client (Static)
      • Client updates the A and PTR records
    • RAS Client treated as Static
      • Client updates the A and PTR records
      • Attempts to remove the A and PTR records when closing the connection
New Features of Windows 2000 DNS
  • Scavenging
    • Dynamic update requires maintenance
    • Defined scavenge criteria
      • No-refresh and refresh intervals
New Features of Windows 2000 DNS
  • Unicode Character Support
    • Supports NetBIOS namespace
    • Allowed per server or zone
    • Interoperability is unknown with non-UTF-8-aware DNS servers
DNS Performance
  • Performance
    • Dual Pentium II 400
      • 900 queries/sec
      • 100 Dynamic registrations/sec
      • 35% CPU Utilization
    • More than 2,200,000,000 and 270,000,000 dynamic registrations in 19 days
DNS and WINS
  • WINS still required for down-level clients
  • Applications may still be NetBIOS only
  • WINS improvements
    • Improved reporting
    • Improved management
    • Improved performance

Encryption

Two types:

  • Symmetric
  • Asymmetric
Symmetric Encryption

Same key used for encryption and decryption

  • DES
  • Triple DES (3DES)
Asymmetric Encryption
  • Different keys used for encryption and decryption
    • One private key, one public key
    • RSA, PGP
  • Referred to as “Public Key Infrastructure (PKI)”
Principles of Encryption
  • What do you know?
  • What can you find out?
  • What do you want to do?
  • What did you not do?
What Do You Want To Do?
  • Digital Signature
    • Start with the sender’s private key
  • Digital Envelope
    • Start with the recipient’s public key
What Did You Not Do?
  • Digital Signature
    • Guarantees origin
    • Doesn’t protect contents
  • Digital Envelope
    • Conceals content
    • Doesn’t guarantee origin
Certificates
  • To send an encrypted message to anyone you need their public key
  • How can you securely get their public key?
  • Certificate Authorities
  • X.509 based certificates
IPSec
  • Both ends authenticate before transmission
  • Encrypts data transmission
  • Authentication methods
    • Kerberos
    • Certificates
    • Text-based key (authentication only)
Enabling IPSec
  • Choose a default policy
  • Choose an authentication method
IPSec Policies
  • Client
    • Respond Only
  • Server
    • Request Security
    • Require Security
Kerberos Components
  • Kerberos Server
  • Ticket Granting Server
  • Ticket Granting Ticket
Kerberos Authentication
  • Client sends request to Kerberos server
  • Kerberos server sends to a valid user:
    • Session key between the client and TGS, encrypted w/client's secret key
    • TGT, encrypted w/Kerberos’ secret key
  • The client decrypts the TGT with its secret key
Kerberos Authentication
  • To obtain a ticket for a service
    • Client encrypts a request using session key from Kerberos
    • TGS decrypts request and, if valid, returns a ticket for the service
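The two exchanges on the slides above, modelled as an added example (not code from the presentation): the KDC returns a TGS session key sealed with the client's secret key and a TGT sealed with the KDC's own key, so the client can recover the session key but can never open the TGT; the TGS then checks an authenticator under that session key before issuing a service ticket. The cipher is a toy built from hashlib/hmac for the demonstration only, and the principal names and keys are constructed.

```python
# Added example: Kerberos AS and TGS exchanges with a toy authenticated cipher.
import hashlib, hmac, json, os

def enc(key, obj):
    """Toy authenticated encryption (demo only): SHA-256 keystream + HMAC tag."""
    data = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    stream = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def dec(key, blob):
    """Verify the tag with `key`, then unmask; raises if the key is wrong."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("bad key or tampered message")
    stream = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                      for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(a ^ b for a, b in zip(ct, stream)))

# Constructed long-term secret keys: a user, the KDC (krbtgt) and one service.
KEYS = {"alice": os.urandom(32), "krbtgt": os.urandom(32), "cifs/fs1": os.urandom(32)}

def kdc_as_exchange(user):
    """AS exchange: session key sealed with the client's key, TGT sealed with krbtgt's."""
    sk = os.urandom(32).hex()
    to_client = enc(KEYS[user], {"tgs_session_key": sk})
    tgt = enc(KEYS["krbtgt"], {"user": user, "tgs_session_key": sk})
    return to_client, tgt

def kdc_tgs_exchange(tgt, authenticator, service):
    """TGS exchange: open the TGT, check the authenticator, issue a service ticket."""
    t = dec(KEYS["krbtgt"], tgt)                      # only the KDC can open a TGT
    sk = bytes.fromhex(t["tgs_session_key"])
    if dec(sk, authenticator)["user"] != t["user"]:   # proves the client holds sk
        raise ValueError("authenticator does not match TGT")
    svc_key = os.urandom(32).hex()
    ticket = enc(KEYS[service], {"user": t["user"], "session_key": svc_key})
    return enc(sk, {"session_key": svc_key}), ticket

def client_logon_and_get_ticket(user, service):
    """Client side of both exchanges: (user named in the service ticket, service session key)."""
    to_client, tgt = kdc_as_exchange(user)
    sk = bytes.fromhex(dec(KEYS[user], to_client)["tgs_session_key"])  # client's own key
    reply, ticket = kdc_tgs_exchange(tgt, enc(sk, {"user": user}), service)
    svc_key = dec(sk, reply)["session_key"]
    return dec(KEYS[service], ticket)["user"], svc_key                # service opens ticket
```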
When To Upgrade
  • Member servers and client workstations
    • upgrade anytime
  • Domain Controllers
    • PDC always first
Plan for Disaster
  • Before upgrading the PDC
    • Install new NT 4.0 BDC
    • Force replication
    • Take box offline
    • Save for a rainy day
Upgrade Path
  • Install NEW DC
  • Upgrade NT 4.0 BDCs
  • Upgrade clients
  • Convert to native mode (someday)
Upgrading Clients
  • NT 4.0 Boxes
    • Upgrade to Windows 2000
  • Windows 9x
    • Install new Windows 2000 Professional
Native Mode
  • Client authentication issues
    • Non-AD aware clients must be authenticated by the PDC emulator
  • Improved performance
Directory Services Client

For Windows 9x/NT 4.0 clients

Directory Services Client
  • Supported features
    • Site Awareness
    • ADSI Interface
    • Dfs fault tolerant client
    • WAB Client
    • NTLM v2.0
Directory Services Client
  • Unsupported features
    • Kerberos
    • Group Policy / IntelliMirror
    • IPSec or L2TP
    • Mutual Authentication
What’s New in Windows XP
  • This is not the Xbox
  • All beta versions are known as “Whistler”
    • XP Home Edition
    • XP Professional
    • Windows .NET Server products