Windows 2000 Basics - PowerPoint PPT Presentation

Windows 2000 Basics

Larry Passo

MCSE+I, MCT, CCNA, CCDA

Kevin Orbaker

MCSE, MCT

Windows 2000 Versions
  • Windows 2000 Professional
  • Windows 2000 Server
  • Windows 2000 Advanced Server
  • Windows 2000 Datacenter Server
Windows 2000 Professional
  • Up to 2 processors
  • Up to 4GB RAM
  • Upgrade from 9x or NT 3.51/4.0 Workstation
  • Desktop performance
Windows 2000 Server
  • Up to 4 processors
  • Up to 4GB RAM
  • Active Directory
  • Terminal Services
Windows 2000 Advanced Server
  • Up to 8 processors
  • Up to 8GB RAM
  • Network Balancing
  • Load Balancing
  • Clustering
Windows 2000 Datacenter Server
  • Up to 32 processors
  • Up to 64GB RAM
  • OLTP (OnLine Transaction Processing)
  • OEM Versions Only
New Features
  • Plug and Play
  • Increased hardware support
  • Offline folders
  • Synchronization manager
  • IE 5.0
New Features
  • ACPI power management
  • FAT32 support
  • Hard Disk Defrag Utility
Security Features
  • Kerberos v5
  • Encrypting File System (EFS)
  • IPSec
  • Smart Card support
  • Secondary logon service (Run As)
  • RADIUS (Remote Authentication Dial-In User Service)
Radius Terminology
  • Dialup clients
  • Radius clients
    • RAS
    • NAS
  • Radius servers
Management Features
  • Nested Like Groups (Native Mode Only)
  • MMC
  • Group Policies
  • Windows Scripting Host (WSH)
Management Features
  • Remote Installation Services
  • Remote Storage (automatic archiving)
  • Terminal Server
    • administrative installation
    • application installation
File Features
  • Distributed File System (Dfs)
  • Disk Quotas
  • Volume mount points
  • NTFS v5
    • Inheritable permissions
Active Directory (AD)
  • Directory
  • Directory Service
Namespace
  • A group of names defined according to a single naming convention
    • NetBIOS
      • 15 Characters
      • Letters/Numbers/Special
Hierarchical Namespace
  • A multi-level namespace with rules that allow the namespace to be partitioned.
    • DNS
      • www.mycompany.com
Domain
  • A security boundary
  • A replication boundary
  • A logical concept
Tree
  • One or more domains
  • Contiguous hierarchical namespace
Forest
  • One or more trees
  • Non-contiguous namespace
Organizational Unit (OU)
  • A collection of objects in a domain that share common administration
  • Different OUs in the same domain may have different administrators
  • Hierarchical structure
Site
  • One or more well-connected IP subnets
  • Relates physical WAN infrastructure to logical domain structure
  • Fast and reliable
Object

Distinct named set of attributes

  • User
  • Printer
  • File
Schema
  • Defines the structure of Active Directory
    • Object class
    • Attributes
  • Can be extended
Distinguished Name
  • The absolute address of an object
  • CN=JamesSmith,CN=Users,DC=Microsoft,DC=com
  • The JamesSmith user account in the microsoft.com domain
Relative Distinguished Name
  • The address of an object relative to any specific place in a forest
  • CN=JamesSmith,CN=Users
  • A user account that is located in the current domain
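Parsing the DN from the slide and resolving an RDN against a base DN, as an added example that is not part of the presentation; the helper names are mine.

```python
"""Distinguished Name (DN) and Relative Distinguished Name (RDN) helpers (added
example, not from the slides). Parses the DN on the slide into its RDNs, derives
the DNS domain from the DC components, and resolves an RDN against a base DN."""
from typing import List, Tuple

RDN = Tuple[str, str]  # (attribute type, value), e.g. ("CN", "JamesSmith")


def parse_dn(dn: str) -> List[RDN]:
    """Split a DN into RDNs, left to right, honouring backslash-escaped commas (RFC 2253)."""
    rdns: List[RDN] = []
    part, escaped = "", False
    for ch in dn:
        if escaped:               # character after a backslash is literal
            part += ch
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":           # an unescaped comma ends the current RDN
            rdns.append(_split_rdn(part))
            part = ""
        else:
            part += ch
    if part:
        rdns.append(_split_rdn(part))
    return rdns


def _split_rdn(text: str) -> RDN:
    attr, _, value = text.strip().partition("=")
    if not attr or not value:
        raise ValueError(f"malformed RDN: {text!r}")
    return attr.upper(), value


def dns_domain(dn: str) -> str:
    """Join the DC components, in order, into the domain's DNS name."""
    return ".".join(v for a, v in parse_dn(dn) if a == "DC")


def domain_dn(domain: str) -> str:
    """Inverse of dns_domain: na.company.org -> DC=na,DC=company,DC=org."""
    return ",".join(f"DC={label}" for label in domain.split("."))


def resolve_rdn(relative: str, base_dn: str) -> str:
    """Absolute DN of an RDN under a base; the same RDN names a different object per base."""
    return ",".join(f"{a}={v}" for a, v in parse_dn(relative) + parse_dn(base_dn))
```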
Domain Controller (DC)
  • Windows 2000 Server with AD
  • Contains information about all the objects in a domain
  • No more PDCs or BDCs
Global Catalog
  • A partial replica of every domain in AD (entire forest)
  • Knowledge of the existence of all objects but not all of the attributes of those objects
  • Global Catalog servers are also DCs
Group Types
  • Security Groups
  • Distribution Groups
Security Groups
  • Domain Local Group
  • Domain Global Group
  • Universal Group (native mode only)
  • Like groups may be nested in native mode
Lightweight Directory Access Protocol (LDAP)
  • A protocol used to access AD
  • The preferred access protocol
  • A simplified version of DAP from X.500
Changes to domain model
  • DNS and TCP/IP are now mandatory
  • Automatic, two-way, transitive trusts
  • Hierarchical
Delegate Management
  • Use OUs within a domain to delegate administrative control over objects
    • Users
    • Printers
    • Computers
  • OUs can take the place of multiple domains
Delegate management

Accounting OU contains Printers located in accounting.

Accountant Joe delegated printer management.

Diagram (OU tree): CORP, with OPS, MFG, ACCT and HR beneath it.
Extending Schema
  • New types of objects and/or attributes can be created
  • Existing objects can be extended to include new attributes
  • Exchange 2000 extends AD
    • Forestprep
    • Setup
Testing Environment
  • Build it to your needs
    • Domain Model
    • Simulate site speeds
  • Global Catalog Servers
    • Replication traffic vs. Authentication traffic
Implementation and Migration Planning
  • Determine your migration path
    • In place upgrade vs. Parallel migration
  • Software validation
  • DNS naming definitions
Justification to Management
  • Why should you implement today?
    • Decrease TCO
    • Eliminate most reboots
    • Increased uptime
  • Shrinking Support for NT 4.0
Mixed Mode
  • Default configuration
  • Supports NT BDCs
  • All DCs support Win9x/NT authentication
  • More Overhead
Native Mode
  • No support for NT 4.0 BDCs
  • Allows for legacy member servers and desktops
  • Increases functionality
    • Speed, Universal Groups, nesting of like groups
  • Conversion to native is one way
OU Design
  • OUs are defined within domains
  • Reflects organizational divisions
  • Designed to make logical organizations of the business model
  • Consider the implications of:
    • Inheritance of Group Policy
    • Inheritance of Security
  • OUs typically change from domain to domain
Example OU Design

Diagram: OU tree for the company.org domain. OUs shown: executive, admin, resources, users, corporate, computers, temporary, printers (resources through printers appear in two parallel branches).
Domain Design
  • Single domain
  • Tree
  • Forest
Single Domain Advantages
  • Simple to implement
  • Effective for large and small organizations
  • Delegate administration with OUs
  • No trusts required
  • Can move objects between OUs
Single Domain Disadvantages
  • Can’t limit replication traffic
  • Single security policy
Multiple Domain

Diagram (domain tree): company.org with child domains na.company.org, euro.company.org and asia.company.org.
Multiple Domain Advantage
  • Unlimited scalability
  • Two-way transitive trusts
  • Can divide administration across domains and OUs
  • Multiple security policies
Multiple Domain Disadvantage
  • Increased complexity
  • Increased GC replication traffic
  • Cannot easily move objects between domains
    • Requires third-party solutions
Forest

Diagram: a forest of three trees with separate namespaces: widgets.org, gidgets.net and fidgets.com.
Forest Guidelines
  • Don’t create multiple trees without a solid business reason
  • If a company is diverse, multiple trees may be the best model
Forest Advantages
  • Noncontiguous namespace
    • Acquiring a new company
    • Planning for splitting a company
Forest Disadvantage
  • Noncontiguous namespace
  • Increased GC replication traffic
  • Increased management complexity!
Intrasite Replication
  • Frequent
  • Uncompressed
  • Can’t be scheduled
  • RPC Only
Intersite Replication
  • Compressed
  • Scheduled
  • RPC or SMTP
Global Catalog Server
  • Determine authentication and replication needs
  • Replicating extended information
    • Which extended attributes should be included
  • Requires additional memory
Global Catalog Server – Logon
  • Client machine contacts the cached domain controller (DC)
  • DC looks at the IP address of client machine
  • If the client is not on the local subnet, the DC checks the GC to see if there is a DC more local to the client
  • Client notified if the cached DC isn’t the closest DC
  • Avoids WAN traffic when possible
Operations Masters
  • Schema master
  • Domain naming master
  • RID master
  • PDC Emulator
  • Infrastructure master
Schema master
  • One per forest
  • Controls all updates and changes to the schema
Domain Naming Master
  • One per forest
  • Controls addition or removal of domains from the forest
RID Master
  • One per domain
  • Allocates sequences of RIDs to the DCs in a domain
PDC Emulator
  • One per domain
  • Sends updates to BDCs
  • Receives preferential replication of password changes from DCs
    • What if replication hasn’t been received yet?
Infrastructure master
  • One per domain
  • Updates group-to-user references when group memberships are changed
  • Should not be a GC
Demo
  • FSMO Management
DNS Primer
  • A zone is a subtree of the DNS tree
    • Administered separately
    • Common zone is second level (microsoft.com)
    • Zones can be divided into sub zones
    • A name server can manage one or more zones
DNS Primer
  • Domain or Zone?
    • “microsoft” is the zone
    • “microsoft.com” is the domain
DNS Primer
  • Internet is one name space (.)
    • Drive root (\)
  • Top Level Domains (TLD)
    • .com, .net, .org, .mil
  • Second Level Domains
    • .microsoft.com
  • Fully Qualified Domain Name (FQDN)
    • www.microsoft.com
DNS Primer
  • The directory is the zone file
  • The directory service resolves an FQDN to an IP address in the directory
  • Single master replication of directory
  • MSDNS is fully RFC compliant
DNS Server Types
  • Three server types
    • Primary
      • Hosts zone information
      • Only one per zone
    • Secondary
      • Obtains database via zone transfer
      • One or more per zone
    • Caching only
DNS Naming
  • Use Internet-standard characters
    • “A”-“Z”, “a”-“z”, “0”-“9”, and “-” (RFC 1123)
    • Microsoft DNS supports wider range
  • Users not exposed to domain names
    • E-mail style login name doesn’t have to be related to domain name
    • Most interaction is query to global catalog
  • Admins exposed to domain names
DNS Locator Service
  • Domain controllers dynamically register Service Location records
    • SRV resource record (RFC 2052)
    • Maps (service) --> (hosts offering service)
    • General rendezvous mechanism
    • Analogous to SMTP and the MX record
  • NETLOGON service sends updates
    • Dynamic update protocol (RFC 2136)
DNS Locator Records
  • SRV records are named like
    • _ldap._tcp..
    • i.e. _ldap._tcp.nt.microsoft.com.
    • More like that, all ending in

  • DNS server that owns
    • MUST support the SRV record
    • SHOULD support dynamic update
DNS Requirements for AD
  • Must support SRV records (RFC 2052)
    • Bind 8.1.1
  • Should support DDNS (RFC 2136)
    • Windows 2000 DNS
    • Bind v8.1.2
AD and DNS
  • AD integration (optional)
    • Single replication topology
    • Per-property replication
    • Secure replication
    • Multi-master replication
    • Simplified management
    • Support for non Win2K DNS servers
    • ACL-maintained authority control
DNS Models
Single zone
  • Example.com internal
  • Example.com external
Dual Zone
  • Example.com internal
  • Corp.example.com external
Zone requirements
  • _msdcs.example.com
  • _tcp.example.com
  • _udp.example.com
  • _sites.example.com
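The _ldap._tcp owner names, the _sites subzone and the site-aware DC selection described on the Global Catalog Server – Logon slide, worked as an added example that is not part of the presentation: the zone, hosts, sites and subnets are constructed, and the weighted ordering follows the RFC 2052 client rule.

```python
"""DC locator lookup over Windows 2000-style SRV records (added example, not from
the slides). Zone data, hosts, sites and subnets are constructed; the owner names
follow the slides: _ldap._tcp.<domain> and the _sites.<domain> subzone."""
import ipaddress
import random
from typing import Dict, List, NamedTuple, Optional

class SRV(NamedTuple):
    priority: int  # lower is tried first
    weight: int    # load share among records of equal priority
    port: int
    target: str    # host offering the service

def srv_name(service: str, proto: str, domain: str, site: Optional[str] = None) -> str:
    """Owner name, e.g. _ldap._tcp.example.com. or _ldap._tcp.Boston._sites.example.com."""
    return f"_{service}._{proto}.{site + '._sites.' if site else ''}{domain}."

ZONE: Dict[str, List[SRV]] = {  # constructed sample zone, not real hosts
    srv_name("ldap", "tcp", "example.com"): [
        SRV(0, 100, 389, "dc1.example.com."),
        SRV(0, 100, 389, "dc2.example.com."),
        SRV(10, 100, 389, "dc3.example.com."),  # only when priority-0 DCs fail
    ],
    srv_name("ldap", "tcp", "example.com", "Boston"): [SRV(0, 100, 389, "dc2.example.com.")],
}
SITES = {"Boston": [ipaddress.ip_network("10.1.0.0/16")]}  # site -> its subnets

def site_of(client_ip: str) -> Optional[str]:
    """Map the client's address to a site through the site's subnets (None if unknown)."""
    ip = ipaddress.ip_address(client_ip)
    return next((s for s, nets in SITES.items() if any(ip in n for n in nets)), None)

def order_srv(records: List[SRV], rng: random.Random) -> List[SRV]:
    """RFC 2052 client rule: lowest priority first, weighted random within a priority."""
    ordered: List[SRV] = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:  # draw without replacement, proportional to weight
            pick = rng.choices(pool, weights=[r.weight or 1 for r in pool])[0]
            ordered.append(pick)
            pool.remove(pick)
    return ordered

def find_dcs(client_ip: str, domain: str = "example.com", seed: int = 1) -> List[str]:
    """Site-local DCs first (if the client's site has a record), then the domain-wide list."""
    rng, site = random.Random(seed), site_of(client_ip)
    names = [srv_name("ldap", "tcp", domain, site)] if site else []
    names.append(srv_name("ldap", "tcp", domain))
    targets: List[str] = []
    for name in names:
        for rec in order_srv(ZONE.get(name, []), rng):
            if rec.target not in targets:  # a DC may appear under both names
                targets.append(rec.target)
    return targets
```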
DNS Name Registration
  • DDNS registration process
    • SOA Query
    • SOA Response
    • Assertion update
    • ACK/NACK
    • Registration

DNS Name Registration
  • DNS registration process
    • Win2K Client / Win2K DHCP Server
      • Client DHCP service responsible
      • Client updates A RR
      • DHCP server updates PTR RR
    • Win2K Client / NT4 DHCP Server
      • Client updates A and PTR RR
New Features of Windows 2000 DNS
  • DNS registration process
    • NT4 Client / Win2K DHCP Server
      • DHCP Server updates A and PTR RR
    • Win2K Client (Static)
      • Client updates A and PTR record
    • RAS Client treated as Static
      • Client updates A and PTR record
      • Attempts to remove A and PTR when closing connection
New Features of Windows 2000 DNS
  • Scavenging
    • Dynamic update requires maintenance
    • Defined scavenge criteria
      • No-refresh and refresh intervals
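How the no-refresh and refresh intervals govern a dynamically registered record's lifetime, as an added example that is not part of the presentation; the records and dates are constructed, and the 7-day intervals are the Windows 2000 defaults.

```python
"""Windows 2000 DNS aging and scavenging arithmetic (added example, not from the
slides). Records and dates are constructed. A refresh inside the no-refresh
interval is not written, a record becomes a scavenging candidate only after
no-refresh + refresh has elapsed since its last accepted refresh, and static
records (no timestamp) are never scavenged."""
from datetime import datetime, timedelta
from typing import Dict, List, Optional

NO_REFRESH = timedelta(days=7)  # Windows 2000 default
REFRESH = timedelta(days=7)     # Windows 2000 default


class DynamicRecord:
    def __init__(self, name: str, timestamp: Optional[datetime]):
        self.name = name
        self.timestamp = timestamp  # None marks a static (manually created) record

    def refresh(self, now: datetime, no_refresh: timedelta = NO_REFRESH) -> bool:
        """Client re-registers; returns True only if the timestamp was actually updated.
        Suppressing writes inside the no-refresh window is what keeps identical
        refreshes from being replicated through an AD-integrated zone."""
        if self.timestamp is None or now < self.timestamp + no_refresh:
            return False
        self.timestamp = now
        return True

    def scavengeable(self, now: datetime, no_refresh: timedelta = NO_REFRESH,
                     refresh: timedelta = REFRESH) -> bool:
        """Candidate once both intervals have passed without an accepted refresh."""
        return self.timestamp is not None and now >= self.timestamp + no_refresh + refresh


def scavenge(zone: Dict[str, DynamicRecord], now: datetime) -> List[str]:
    """Delete stale dynamic records from the zone; returns the names removed."""
    stale = [name for name, rec in zone.items() if rec.scavengeable(now)]
    for name in stale:
        del zone[name]
    return stale
```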
New Features of Windows 2000 DNS
  • Unicode Character Support
    • Supports NetBIOS namespace
    • Allowed per server or zone
    • Interoperability is unknown with non-UTF-8-aware DNS servers
DNS Performance
  • Performance
    • Dual Pentium II 400
      • 900 Queries/sec
      • 100 Dynamic registrations/sec
      • 35% CPU Utilization
    • More than 2,200,000,000 and 270,000,000 dynamic registrations in 19 days
DNS and WINS
  • WINS still required for down-level clients
  • Applications may still be NetBIOS only
  • WINS improvements
    • Improved reporting
    • Improved management
    • Improved performance
Encryption

Two types:

  • Symmetric
  • Asymmetric
Symmetric Encryption

Same key used for encryption and decryption

  • DES
  • Triple DES (3DES)
Asymmetric Encryption
  • Different keys used for encryption and decryption
    • One private key, one public key
    • RSA, PGP
  • Referred to as “Public Key (PKI)”
Principles of Encryption
  • What do you know?
  • What can you find out?
  • What do you want to do?
  • What did you not do?
What Do You Want To Do?
  • Digital Signature
    • Start with the sender’s private key
  • Digital Envelope
    • Start with the recipient’s public key
What Did You Not Do?
  • Digital Signature
    • Guarantees origin
    • Doesn’t protect contents
  • Digital Envelope
    • Conceals content
    • Doesn’t guarantee origin
Certificates
  • To send an encrypted message to anyone you need their public key
  • How can you securely get their public key?
  • Certificate Authorities
  • X.509 based certificates
IPSec
  • Both ends authenticate before transmission
  • Encrypts data transmission
  • Authentication methods
    • Kerberos
    • Certificates
    • Text-based key (authentication only)
Enabling IPSec
  • Choose a default policy
  • Choose an authentication method
IPSec Policies
  • Client
    • Respond Only
  • Server
    • Request Security
    • Require Security
Kerberos Components
  • Kerberos Server
  • Ticket Granting Server
  • Ticket Granting Ticket
Kerberos Authentication
  • Client sends request to Kerberos server
  • If the user is valid, the Kerberos server sends:
    • Session key between the client and TGS, encrypted w/client's secret key
    • TGT, encrypted w/Kerberos’ secret key
  • The client decrypts the TGT with its secret key
Kerberos Authentication
  • To obtain a ticket for a service
    • Client encrypts a request using session key from Kerberos
    • TGS decrypts request and, if valid, returns a ticket for the service
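The two exchanges from the Kerberos Authentication slides, simulated end to end as an added example that is not part of the presentation. Names, passwords and keys are constructed, and seal()/unseal() are a stand-in toy cipher; the flow shows that the client can open only its session-key part with its secret key, while the TGT is sealed under the KDC's key and is opened by the TGS.

```python
"""The two Kerberos exchanges on the slides, simulated (added example, not from
the slides). Names and keys are constructed, and seal()/unseal() are a toy
HMAC-SHA256 keystream cipher with a MAC tag so this runs on the standard
library alone; real Kerberos uses proper ciphers. The client decrypts only its
session-key part; the TGT is sealed under the KDC's key and stays opaque to it."""
import hashlib, hmac, json, os, time

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption: nonce || ciphertext || HMAC tag."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Reject anything sealed under a different key or modified in transit."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# Constructed long-term secrets. The KDC holds all of them; the user's key is
# derived from the password, the service's from its own account password.
KDC_KEY = hashlib.sha256(b"kdc-secret").digest()
USER_KEY = hashlib.sha256(b"jsmith-password").digest()
SERVICE_KEY = hashlib.sha256(b"fileserver-secret").digest()

def as_exchange(user: str) -> tuple:
    """Logon: KDC returns the TGS session key sealed for the user plus a TGT."""
    sk = os.urandom(32).hex()
    for_user = seal(USER_KEY, {"tgs_session_key": sk})
    tgt = seal(KDC_KEY, {"user": user, "tgs_session_key": sk, "expires": time.time() + 600})
    return for_user, tgt

def tgs_exchange(tgt: bytes, authenticator: bytes, service: str) -> bytes:
    """TGS opens the TGT with the KDC key, checks the client's authenticator, issues a ticket."""
    t = unseal(KDC_KEY, tgt)
    if t["expires"] < time.time():
        raise ValueError("TGT expired")
    auth = unseal(bytes.fromhex(t["tgs_session_key"]), authenticator)  # proves session key
    if auth["user"] != t["user"]:
        raise ValueError("authenticator does not match TGT")
    return seal(SERVICE_KEY, {"user": t["user"], "service": service})

def client_session(user: str, service: str) -> dict:
    """Whole flow from the client's side; returns what the service sees in its ticket."""
    for_user, tgt = as_exchange(user)
    sk = bytes.fromhex(unseal(USER_KEY, for_user)["tgs_session_key"])  # client's own key
    authenticator = seal(sk, {"user": user, "time": time.time()})
    return unseal(SERVICE_KEY, tgs_exchange(tgt, authenticator, service))
```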
When To Upgrade
  • Member servers and client workstations
    • upgrade anytime
  • Domain Controllers
    • PDC always first
Plan for Disaster
  • Before upgrading the PDC
    • Install new NT 4.0 BDC
    • Force replication
    • Take box offline
    • Save for a rainy day
Upgrade Path
  • Install NEW DC
  • Upgrade NT 4.0 BDCs
  • Upgrade clients
  • Convert to native mode (someday)
Upgrading Clients
  • NT 4.0 Boxes
    • Upgrade to Windows 2000
  • Windows 9x
    • Install new Windows 2000 Professional
Native Mode
  • Client authentication issues
    • Non-AD aware clients must be authenticated by the PDC emulator
  • Improved performance
Directory Services Client

For Windows 9x/NT 4.0 clients

www.microsoft.com/windows2000/adclients

Directory Services Client
  • Supported features
    • Site Awareness
    • ADSI Interface
    • Dfs fault tolerant client
    • WAB Client
    • NTLM v2.0
Directory Services Client
  • Unsupported features
    • Kerberos
    • Group Policy / IntelliMirror
    • IPSec or L2TP
    • Mutual Authentication
What’s New in Windows XP
  • This is not the Xbox
  • All beta versions are known as “Whistler”
    • XP Home Edition
    • XP Professional
    • Windows .NET Server products